Описание
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.
Отчет
The ESSIV AEAD path failed to validate ssize = assoclen - ivsize for decryption and in-place encryption. A negative ssize could flow into scatterwalk_map_and_copy(), causing out-of-bounds writes/reads of the IV region and kernel crashes or memory corruption. The fix computes ivsize/ssize up front, rejects ssize < 0, and consistently uses these locals across branches, covering decrypt and in-place cases. Privilege required is local (e.g., reachable via kernel crypto consumers or AF_ALG setups), with primary impact on availability and potential integrity compromise. The system is not vulnerable if ESSIV is not in use (i.e. the essiv/aes-cbc-essiv implementation is not present or not being used by any disk/crypto consumer).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.
crypto: essiv - Check ssize for decryption and in-place encryption
In the Linux kernel, the following vulnerability has been resolved: c ...
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.
EPSS
6.1 Medium
CVSS3