A flaw was found in the Linux kernel interface for symmetric key cipher algorithms (in the function skcipher_recvmsg of crypto/algif_skcipher.c). When the function skcipher_recvmsg receives data from the socket to obtain the encryption and decryption results, it can go to skcipher_wait_for_data to wait for the data in the socket to arrive, but the value passed to af_alg_make_sg after the data arrives is still 0, which will cause a crash in the subsequent get_user_pages_fast. After analysis of the reproducer, the conclusion is that this issue is only locally exploitable.

Reference: https://github.com/torvalds/linux/commit/9399f0c51489ae8c16d6559b82a452fdc1895e91
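The stale-length pattern described above, as an added user-space model (not kernel code and not the code of the referenced commit). All `model_*` names, the struct layout and the sample values are hypothetical, and `recv_fresh` is one assumed way to order the read correctly.

```c
#include <stddef.h>
#include <errno.h>

/* User-space model of the flow in the description; not kernel code.
 * All model_* names are hypothetical stand-ins. */
struct model_ctx {
    size_t used;      /* bytes currently queued for the cipher operation */
    size_t arriving;  /* constructed: bytes a sender queues while we wait */
};

/* Stand-in for skcipher_wait_for_data(): returns once data is queued. */
static int model_wait_for_data(struct model_ctx *ctx)
{
    ctx->used += ctx->arriving;
    ctx->arriving = 0;
    return ctx->used ? 0 : -EAGAIN;
}

/* Stand-in for af_alg_make_sg(): the model rejects a zero length, the value
 * the description says leads to the crash in get_user_pages_fast. */
static long model_make_sg(size_t len)
{
    return len ? (long)len : -EINVAL;
}

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Flawed ordering: the length is sampled before the wait, never refreshed. */
long recv_stale(struct model_ctx *ctx, size_t seglen)
{
    size_t used = ctx->used;
    if (!used) {
        int err = model_wait_for_data(ctx);
        if (err)
            return err;
    }
    return model_make_sg(min_sz(used, seglen));   /* still 0 after the wait */
}

/* Assumed corrected ordering: read ctx->used only after the wait returns. */
long recv_fresh(struct model_ctx *ctx, size_t seglen)
{
    if (!ctx->used) {
        int err = model_wait_for_data(ctx);
        if (err)
            return err;
    }
    return model_make_sg(min_sz(ctx->used, seglen));
}
```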
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2221807]
The fix for this was brought in during 4.0, and has not impacted any Fedora kernels in the past 8 years.