oss-sec mailing list archives
Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI
From: Ben Hutchings <ben () decadent org uk>
Date: Tue, 21 Apr 2015 02:31:47 +0100
On Tue, 2015-04-14 at 21:46 +0100, Ben Hutchings wrote:
Linux kernel commit ccfe8c3f7e52 ("crypto: aesni - fix memory usage in GCM decryption") fixes two bugs in pointer arithmetic that lead to buffer overruns (even with valid parameters!): https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a These are described as resulting in DoS (local or remote), but are presumably also exploitable for privilege escalation. The bugs appear to have been introduced by commit 0bd82f5f6355 ("crypto: aesni-intel - RFC4106 AES-GCM Driver Using Intel New Instructions") in Linux 2.6.38.
[...] After some discussion of these bugs, I'd like to provide my current understanding of the attack vectors. I haven't reproduced the bug or analysed the code myself; this is only based on what I've been told. - The affected code paths are reachable through AF_ALG, but only using the algif_aead module which has not been included in any released kernel. The module and the fix will be part of Linux 4.1. So this attack vector can be largely ignored. - The kernel developers thought that these code paths were not used for decrypting packets for IPsec tunnels. However, they are if a packet is reassembled from IP fragments. This really does cause DoS, confirmed in <https://bugs.debian.org/782561>. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Buffer overruns in Linux kernel RFC4106 implementation using AESNI Ben Hutchings (Apr 14)
- Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI cve-assign (Apr 17)
- Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI Ben Hutchings (Apr 20)