oss-security - CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <510000852.12772202.1484662871690.JavaMail.zimbra@redhat.com>
Date: Tue, 17 Jan 2017 09:21:11 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request -- linux kernel: crash by spawning mcrypt(alg) with
 incompatible algorithm

Hello,

Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct
crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes
mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended
to be used with mcryptd.

This could be a potential attack to crash the kernel by user program using AF_ALG
to request an invalid algorithm such as mcryptd(md5).

Initial discussion:

https://marc.info/?l=dm-devel&m=148063708010538&w=2

Suggested Patch:

http://marc.info/?l=linux-crypto-vger&m=148096718218312&w=2

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd

Red Hat Product Security Bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1404200

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.