Linux Kernel IPSec Policies Authorization Bypass Vulnerability

Linux Kernel IPSec Policies Authorization Bypass Vulnerability

Linux Kernel is prone to an authorization-bypass vulnerability.

This issue is due to a failure in the application to perform proper authorization before permitting access to a privileged function.

Successful exploitation will permit a local attacker to bypass intended IPSec policies, set invalid policies, and cause a denial of service when adding policies until kernel memory is exhausted.

Note that an attacker can use this vulnerability to enhance the exploitation of BID 14477 (Linux Kernel XFRM Array Index Buffer Overflow Vulnerability); that issue requires the ability to add IPSec policies.