2327206 – (CVE-2024-50281) CVE-2024-50281 kernel: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation

Bug 2327206 (CVE-2024-50281) - CVE-2024-50281 kernel: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation

Summary: CVE-2024-50281 kernel: KEYS: trusted: dcp: fix NULL dereference in AEAD crypt...

Keywords:
Status:	NEW
Alias:	CVE-2024-50281
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2327213
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-19 02:03 UTC by OSIDB Bzimport
Modified:	2024-11-21 19:05 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-11-19 02:03:52 UTC

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation

When sealing or unsealing a key blob we currently do not wait for
the AEAD cipher operation to finish and simply return after submitting
the request. If there is some load on the system we can exit before
the cipher operation is done and the buffer we read from/write to
is already removed from the stack. This will e.g. result in NULL
pointer dereference errors in the DCP driver during blob creation.

Fix this by waiting for the AEAD cipher operation to finish before
resuming the seal and unseal calls.

Comment 1 Avinash Hanwate 2024-11-19 04:07:41 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024111941-CVE-2024-50281-f70e@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.