Date: Thu, 3 Nov 2016 11:15:49 -0400 (EDT) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref Hello, We would like to ask for a CVE-ID for the following security flaw. The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key. Initial discussion: https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ Red Hat Product Security Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1386286 Initial upstream patch (followed by a set of the related patches): https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ