Linux kernel commit ccfe8c3f7e52 ("crypto: aesni - fix memory usage in
GCM decryption") fixes two bugs in pointer arithmetic that lead to
buffer overruns (even with valid parameters!):https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a These are described as resulting in DoS (local or remote), but are presumably also exploitable for privilege escalation. The bugs appear to have been introduced by commit 0bd82f5f6355 ("crypto: aesni-intel - RFC4106 AES-GCM Driver Using Intel New Instructions") in Linux 2.6.38. The above fix is included in Linux 4.0 and the following stable updates: v3.10.73: 31c06b946ce6 crypto: aesni - fix memory usage in GCM decryption v3.12.40: 0585664d1732 crypto: aesni - fix memory usage in GCM decryption v3.14.37: e9b15363c101 crypto: aesni - fix memory usage in GCM decryption v3.18.11: 3b389956156c crypto: aesni - fix memory usage in GCM decryption v3.19.3: b90935f1d9a0 crypto: aesni - fix memory usage in GCM decryption v3.13.11-ckt19: 40e073009626 crypto: aesni - fix memory usage in GCM decryption Please assign a CVE ID for this. Ben. -- Ben Hutchings Editing code like this is akin to sticking plasters on the bleeding stump of a severed limb. - me, 29 June 1999
signature.asc
Description: This is a digitally signed message part
