Bug 388581 (CVE-2011-4081)

Summary:	Kernel: ghash NULL Pointer Dereference Vulnerability (CVE-2011-4081)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED OBSOLETE
Severity:	normal	CC:	kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://secunia.com/advisories/46584/
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2011-10-26 16:58:37 UTC

From secunia security advisory at $URL:


Description:
The vulnerability is caused due to a NULL pointer dereference error within the implementation of the GHASH algorithm, which can be exploited to e.g. cause a crash via a specially crafted application.

The vulnerability is confirmed in version 2.6.39.4. Other versions may also be affected.


Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-04-04 19:47:50 UTC

There are no longer any 2.x kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.