Bugzilla – Bug 1040389
VUL-0: CVE-2017-9211: kernel-source: crypto_skcipher_init_tf in crypto/skcipher.c relies on a setkey function without a key-size check
Last modified: 2017-12-27 20:44:21 UTC
CVE-2017-9211 The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9211 https://patchwork.kernel.org/patch/9718933/ https://github.com/torvalds/linux/commit/9933e113c2e87a9f46a40fde8dafbf801dca1ab9 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9
crypto: skcipher - Add missing API setkey checks The API setkey checks for key sizes and alignment went AWOL during the skcipher conversion. This patch restores them. Cc: <stable@vger.kernel.org> Fixes: 4e6c3df4d729 ("crypto: skcipher - Add low-level skcipher...") Reported-by: Baozeng <sploving1@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 4e6c3df4d729 is in 4.8
Looks like only TW is affected. I backported to stable git branch now. Reassigned back to security team.
thx, done!