Date: Tue, 21 Apr 2015 02:31:47 +0100 From: Ben Hutchings <ben@...adent.org.uk> To: oss-security <oss-security@...ts.openwall.com> Cc: 782561@...s.debian.org Subject: Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI On Tue, 2015-04-14 at 21:46 +0100, Ben Hutchings wrote: > Linux kernel commit ccfe8c3f7e52 ("crypto: aesni - fix memory usage in > GCM decryption") fixes two bugs in pointer arithmetic that lead to > buffer overruns (even with valid parameters!): > > https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a > > These are described as resulting in DoS (local or remote), but are > presumably also exploitable for privilege escalation. > > The bugs appear to have been introduced by commit 0bd82f5f6355 ("crypto: > aesni-intel - RFC4106 AES-GCM Driver Using Intel New Instructions") in > Linux 2.6.38. [...] After some discussion of these bugs, I'd like to provide my current understanding of the attack vectors. I haven't reproduced the bug or analysed the code myself; this is only based on what I've been told. - The affected code paths are reachable through AF_ALG, but only using the algif_aead module which has not been included in any released kernel. The module and the fix will be part of Linux 4.1. So this attack vector can be largely ignored. - The kernel developers thought that these code paths were not used for decrypting packets for IPsec tunnels. However, they are if a packet is reassembled from IP fragments. This really does cause DoS, confirmed in <https://bugs.debian.org/782561>. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse. [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ