oss-sec mailing list archives
Re: CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm
From: Lokesh Ubuntu <lokesh.ubuntu () gmail com>
Date: Tue, 17 Jan 2017 20:25:19 +0530
Do we have a CVE for this? If not, why don't we have one?

Thanks!

Regards,
Lokesh

On Jan 17, 2017 19:51, "Vladis Dronov" <vdronov () redhat com> wrote:

Hello,

Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd.

This could be a potential attack to crash the kernel by a user program using AF_ALG to request an invalid algorithm such as mcryptd(md5).

Initial discussion:
https://marc.info/?l=dm-devel&m=148063708010538&w=2

Suggested Patch:
http://marc.info/?l=linux-crypto-vger&m=148096718218312&w=2

Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd

Red Hat Product Security Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1404200

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer