oss-sec mailing list archives
CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref
From: Vladis Dronov <vdronov () redhat com>
Date: Thu, 3 Nov 2016 11:15:49 -0400 (EDT)
Hello,

We would like to ask for a CVE-ID for the following security flaw.

The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key.

Initial discussion:
https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ

Red Hat Product Security Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1386286

Initial upstream patch (followed by a set of the related patches):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
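An added example, not part of the original message or the kernel source: a simplified userspace C model of the condition reported above, where key-dependent state stays NULL until setkey() runs, with an accept-time guard and a crypt-time check that fail cleanly instead. All `model_*` names and the XOR stand-in for the cipher math are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#ifndef ENOKEY
#define ENOKEY 126   /* Linux value; defined here only for non-Linux builds */
#endif

/* Hypothetical model of a cipher handle; not a kernel structure. */
struct model_tfm {
    unsigned char *table;   /* key-dependent state, NULL until a key is set */
    int has_key;            /* set only after a successful setkey */
};

/* setkey: build key-dependent state; on failure the handle stays keyless. */
int model_setkey(struct model_tfm *tfm, const unsigned char *key, size_t len)
{
    unsigned char *t;

    if (key == NULL || len == 0)
        return -EINVAL;
    t = malloc(len);
    if (t == NULL)
        return -ENOMEM;
    memcpy(t, key, len);
    free(tfm->table);       /* replace any earlier key material */
    tfm->table = t;
    tfm->has_key = 1;
    return 0;
}

/* accept: refuse to hand out an operation handle before a key exists. */
int model_accept(const struct model_tfm *tfm)
{
    return tfm->has_key ? 0 : -ENOKEY;
}

/* crypt: second check, so a missed accept guard cannot reach a NULL table. */
int model_crypt(const struct model_tfm *tfm, unsigned char *buf, size_t len)
{
    size_t i;

    if (tfm->table == NULL)
        return -ENOKEY;
    for (i = 0; i < len; i++)
        buf[i] ^= tfm->table[0];   /* stand-in for the real tweak math */
    return 0;
}
```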