On Tue, 2015-04-14 at 21:46 +0100, Ben Hutchings wrote:
> Linux kernel commit ccfe8c3f7e52 ("crypto: aesni - fix memory usage in
> GCM decryption") fixes two bugs in pointer arithmetic that lead to
> buffer overruns (even with valid parameters!):
>
> https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
>
> These are described as resulting in DoS (local or remote), but are
> presumably also exploitable for privilege escalation.
>
> The bugs appear to have been introduced by commit 0bd82f5f6355 ("crypto:
> aesni-intel - RFC4106 AES-GCM Driver Using Intel New Instructions") in
> Linux 2.6.38.
[...]
After some discussion of these bugs, I'd like to provide my current
understanding of the attack vectors. I haven't reproduced the bug or
analysed the code myself; this is only based on what I've been told.
- The affected code paths are reachable through AF_ALG, but only using
the algif_aead module which has not been included in any released
kernel. The module and the fix will be part of Linux 4.1. So this
attack vector can be largely ignored.
- The kernel developers thought that these code paths were not used for
decrypting packets for IPsec tunnels. However, they are if a packet
is reassembled from IP fragments. This really does cause DoS,
confirmed in <https://bugs.debian.org/782561>.
Ben.
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
Attachment:
signature.asc
Description: This is a digitally signed message part