Date: Thu, 3 Nov 2016 11:15:49 -0400 (EDT)
From: Vladis Dronov <>
Subject: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by


We would like to ask for a CVE-ID for the following security flaw.

The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel
before 4.5 allows local users to cause a system crash and a denial
of service by a NULL pointer dereference via the accept(2) system call
for an AF_ALG socket without calling setkey() first to set a cipher key.

Initial discussion:!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ

Red Hat Product Security Bugzilla:

Initial upstream patch (followed by a set of the related patches):

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
