Date: Tue, 17 Jan 2017 20:25:19 +0530 From: Lokesh Ubuntu <lokesh.ubuntu@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm Do we have CVE for this? If not so why don't we have one? Thanks! Regards, Lokesh On Jan 17, 2017 19:51, "Vladis Dronov" <vdronov@...hat.com> wrote: > Hello, > > Algorithms not compatible with mcryptd could be spawned by mcryptd with a > direct > crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This > causes > mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not > intended > to be used with mcryptd. > > This could be a potential attack to crash the kernel by user program using > AF_ALG > to request an invalid algorithm such as mcryptd(md5). > > Initial discussion: > > https://marc.info/?l=dm-devel&m=148063708010538&w=2 > > Suggested Patch: > > http://marc.info/?l=linux-crypto-vger&m=148096718218312&w=2 > > Upstream patch: > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/ > linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd > > Red Hat Product Security Bugzilla: > > https://bugzilla.redhat.com/show_bug.cgi?id=1404200 > > Best regards, > Vladis Dronov | Red Hat, Inc. | Product Security Engineer >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.