Hide Forgot
A flaw was found in the crypto subsystem of the Linux kernel. The "null skcipher" was being by dropped in the wrong place -- when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use. This may grant a local user to be able to crash the machine and possible corrupt memory leading to privilege escalation. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc
External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1622836]
This issue was fixed for Fedora with the 4.14.8 stable kernel update.
Acknowledgments: Name: Florian Weimer (Red Hat), Ondrej Mosnacek (Red Hat)
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948