Date: Tue, 17 Jan 2017 09:21:11 -0500 (EST)
From: Vladis Dronov <>
Subject: CVE request -- linux kernel: crash by spawning mcrypt(alg) with
 incompatible algorithm


Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct
crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes
mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended
to be used with mcryptd.

This could be a potential attack to crash the kernel by a user program using AF_ALG
to request an invalid algorithm such as mcryptd(md5).

Initial discussion:

Suggested Patch:

Upstream patch:

Red Hat Product Security Bugzilla:

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
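
Added example, not part of the original message and not kernel or Red Hat code: a detection sketch that decodes the `saddr=` field of audit SOCKADDR records and flags AF_ALG binds whose algorithm name uses the "mcryptd(alg)" construct described above. It assumes an audit rule already logs bind() calls and that the records come from a little-endian host; the sample records and the helper names are constructed for illustration.

```python
import struct

AF_ALG = 38  # Linux address family number for kernel crypto API sockets
# struct sockaddr_alg: u16 family, u8 type[14], u32 feat, u32 mask, u8 name[64]
# "<" = little-endian, no padding (assumption: records from a little-endian host)
SOCKADDR_ALG = struct.Struct("<H14sII64s")

def _cstr(buf):
    """Return the NUL-terminated string at the start of a fixed-size field."""
    return buf.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_sockaddr_alg(saddr_hex):
    """Decode an audit saddr= hex value; return (type, name) or None if not AF_ALG."""
    try:
        raw = bytes.fromhex(saddr_hex)
    except ValueError:
        return None                      # malformed or truncated hex
    if len(raw) < SOCKADDR_ALG.size:
        return None                      # too short to be a sockaddr_alg
    family, salg_type, _feat, _mask, name = SOCKADDR_ALG.unpack_from(raw)
    if family != AF_ALG:
        return None
    return _cstr(salg_type), _cstr(name)

def flag_mcryptd_requests(audit_lines):
    """Return (type, name) for every bind that asks for an mcryptd(...) algorithm."""
    hits = []
    for line in audit_lines:
        for field in line.split():
            if field.startswith("saddr="):
                parsed = parse_sockaddr_alg(field[len("saddr="):])
                if parsed and parsed[1].startswith("mcryptd("):
                    hits.append(parsed)
    return hits

def make_saddr(salg_type, name):
    """Build a constructed saddr hex value for the sample records below."""
    packed = SOCKADDR_ALG.pack(AF_ALG, salg_type.encode(), 0, 0, name.encode())
    return packed.hex().upper()

SAMPLE = [  # constructed audit records, not captured from a real host
    "type=SOCKADDR msg=audit(1484662871.000:101): saddr=" + make_saddr("hash", "sha256"),
    "type=SOCKADDR msg=audit(1484662872.000:102): saddr=" + make_saddr("hash", "mcryptd(md5)"),
    "type=SOCKADDR msg=audit(1484662873.000:103): saddr=0200005010000001" + "00" * 8,
]

if __name__ == "__main__":
    for salg_type, name in flag_mcryptd_requests(SAMPLE):
        print(f"AF_ALG bind requested type={salg_type} name={name}")
```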
