An issue with the ASN.1 DER decoder was reported: a specially created key file could lead to a local denial of service (kernel panic) via x509 certificate DER files. This is caused by triggering a BUG_ON() in public_key_verify_signature() in crypto/asymmetric_keys/public_key.c, which causes a kernel panic and system lockup on RHEL kernels.

Vulnerable code:

    ...
    int public_key_verify_signature(const struct public_key *pk,
                                    const struct public_key_signature *sig)
    {
            const struct public_key_algorithm *algo;

            BUG_ON(!pk);
            BUG_ON(!pk->mpi[0]);
    ...

Additional references:
http://seclists.org/oss-sec/2016/q1/197

Introduced in commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42d5ec27f873c654a68f7f865dcd7737513e9508

Fixed in commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f
Acknowledgments: Name: Philip Pettersson (Samsung)
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, MRG and realtime kernels.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1302163]
Is there an upstream discussion on this bug?
Do we have an appropriately doctored X.509 cert available?
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html