Medium severity5.5NVD Advisory· Published May 24, 2012· Updated Apr 29, 2026
CVE-2011-4081
CVE-2011-4081
Description
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
Affected products
1Patches
17ed47b7d142ecrypto: ghash - Avoid null pointer dereference if no key is set
1 file changed · +6 −0
crypto/ghash-generic.c+6 −0 modified@@ -67,6 +67,9 @@ static int ghash_update(struct shash_desc *desc, struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); u8 *dst = dctx->buffer; + if (!ctx->gf128) + return -ENOKEY; + if (dctx->bytes) { int n = min(srclen, dctx->bytes); u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes); @@ -119,6 +122,9 @@ static int ghash_final(struct shash_desc *desc, u8 *dst) struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); u8 *buf = dctx->buffer; + if (!ctx->gf128) + return -ENOKEY; + ghash_flush(ctx, dctx); memcpy(dst, buf, GHASH_BLOCK_SIZE);
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1nvdMailing ListPatchVendor Advisory
- www.openwall.com/lists/oss-security/2011/10/27/2nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74cnvdExploitPatchThird Party Advisory
News mentions
0No linked articles in our index yet.