Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1404200 - (CVE-2016-10147) CVE-2016-10147 kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm
CVE-2016-10147 kernel: Kernel crash by spawning mcrypt(alg) with incompatible...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20161202,repor...
: Security
Depends On: 1402133 1413977
Blocks: 1404201
  Show dependency treegraph
 
Reported: 2016-12-13 05:20 EST by Adam Mariš
Modified: 2018-08-28 18:11 EDT (History)
20 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:3163 normal SHIPPED_LIVE new packages: kernel-alt 2017-11-09 09:59:25 EST
Red Hat Product Errata RHSA-2017:1842 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2017-08-01 14:22:09 EDT
Red Hat Product Errata RHSA-2017:2077 normal SHIPPED_LIVE Important: kernel-rt security, bug fix, and enhancement update 2017-08-01 14:13:37 EDT

  None (edit)
Description Adam Mariš 2016-12-13 05:20:04 EST 
Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct.  This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd.

This could be a potential attack to crash the kernel by user program using AF_ALG to request an invalid algorithm such as mcryptd(md5).

Upstream report:

https://marc.info/?l=dm-devel&m=148063708010538&w=2

Suggested Patch:

http://marc.info/?l=linux-crypto-vger&m=148096718218312&w=2

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd

CVE-ID request and assignment:

http://seclists.org/oss-sec/2017/q1/118

http://seclists.org/oss-sec/2017/q1/127
Comment 4 Vladis Dronov 2017-01-17 08:45:05 EST 
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the flaw is not present in the products listed.
Comment 6 errata-xmlrpc 2017-08-01 15:11:36 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077
Comment 7 errata-xmlrpc 2017-08-02 03:51:39 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.