crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl.
Without this, the gcm-aes-s390 driver will oops when it tries to do gcm_walk_start() on req->dst because req->dst is set to the value of areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling aead_request_set_crypt().
The problem comes if an empty ciphertext is passed: the loop in af_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl up.
This isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far as I can tell, that ignores req->dst and only uses req->src[*].
[*] Is this a bug in aesni-intel_glue.c?
The s390x oops looks something like:
Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0000000a00000000 TEID: 0000000a00000803 Fault in home space mode while using kernel ASCE. AS:00000000a43a0007 R3:0000000000000024 Oops: 003b ilc:2 [#1] SMP ... Call Trace: [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390] [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8 [<00000000a2a60888>] aead_recvmsg+0x478/0x698 [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0 [<00000000a2e51a56>] sock_read_iter+0x76/0xa0 [<00000000a273e066>] vfs_read+0x26e/0x2a8 [<00000000a273e8c4>] ksys_read+0xbc/0x100 [<00000000a311d808>] __do_syscall+0x1d0/0x1f8 [<00000000a312ff30>] system_call+0x70/0x98 Last Breaking-Event-Address: [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]
Affected products
76- osv-coords74 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 6.4.0-150600.23.78.1+ 73 more
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.8.55.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1.150600.12.34.2
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150600.8.55.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150600.8.55.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.8.55.1
- (no CPE)range: < 6.4.0-150700.20.18.1
- (no CPE)range: < 6.4.0-150600.23.78.1.150600.12.34.2
- (no CPE)range: < 6.4.0-150700.53.22.1.150700.17.15.1
- (no CPE)range: < 6.4.0-36.1.21.13
- (no CPE)range: < 6.4.0-36.1.21.13
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-36.1
- (no CPE)range: < 6.4.0-36.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-36.1
- (no CPE)range: < 6.4.0-36.1
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.5.1
- (no CPE)range: < 1-150700.1.3.1
- (no CPE)range: < 1-150700.15.3.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-38.1
- (no CPE)range: < 6.4.0-38.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150700.7.22.1
- (no CPE)range: < 6.4.0-150600.8.55.1
- (no CPE)range: < 6.4.0-150700.20.18.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-36.1
- (no CPE)range: < 6.4.0-36.1
- (no CPE)range: < 6.4.0-38.1
- (no CPE)range: < 6.4.0-38.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150700.7.22.1
- (no CPE)range: < 6.4.0-150600.8.55.1
- (no CPE)range: < 6.4.0-150700.20.18.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
- (no CPE)range: < 6.4.0-150600.10.58.1
- (no CPE)range: < 6.4.0-150700.7.22.1
- (no CPE)range: < 6.4.0-150600.23.78.1
- (no CPE)range: < 6.4.0-150700.53.22.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.