In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: crypto: authencesn - rechazar AAD demasiado corto (assoclen<8) para coincidir con la especificación ESP/ESN authencesn asume un AAD con formato ESP/ESN. Cuando assoclen es más corto que la longitud mínima esperada, crypto_authenc_esn_decrypt() puede avanzar más allá del final de la scatterlist de destino y activar una desreferencia de puntero NULL en scatterwalk_map_and_copy(), lo que lleva a un pánico del kernel (DoS). Añadir una comprobación de longitud mínima de AAD para fallar rápidamente con entradas no válidas.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-476
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc2a5f80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdc59c8c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc2a7b40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc130800> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc2a67c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde166900> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bdc59d580> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702b70376f00> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bdc59dd00> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bde166200> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bfc551f40> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bfc2a5a80> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* |