Summary: | <sys-kernel/gentoo-sources-{4.4.176,4.9.160,4.14.103,4.19.25}: Linux Kernel 'crypto/af_alg.c' Use After Free Arbitrary Code Execution Vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | aa <gentoouser> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bugmail, holgersson, kernel, luke, stefan.gast |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | stable? | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 679558 | ||
Bug Blocks: |
Description
aa
2019-02-21 09:36:40 UTC
Hi, today updates were pushed by upstream that contain the fix[1]: 4.14.103: 6e4c01ee785c2192fcc4be234cedde3706309a7e 4.19.25: eb5e6869125f69dd28513f92992d97ec62bb9773 4.20.12: cc5cb5c0d03d9a990dd6d40dce5a5cf96de8e81e 5.0-r7 seems to be still affected; this shouldn't matter as 5.0 or RC8 might be released within the next days (based on the typical "release cycle"). Kernels prior to 4.10 might be unaffected according to a German news magazine[2]. With the fix applied the file crypto/af_alg.c must contain inside the function af_alg_release() the additional line sock->sk = NULL; (plus the corresponding curly brackets). [1] The fix is inside the commit with the summary "net: crypto set sk to NULL when af_alg_release." respectivly 5.0 commit 9060cb719e61b685ec0102574e10337fa5f445ea. [2] https://heise.de/-4315290 Stable candidates committed in: sys-kernel/gentoo-sources-4.19.25: 1cc8f57d0e255e49d454aa2e10ed635100a9a2b9 sys-kernel/gentoo-sources-4.14.103: 5910e16d0838d7b37f75321a6b488a0ca5fbc807 sys-kernel/gentoo-sources-4.9.160: ffd70cc88542c25db5b0328d619c720ba0c49c15 sys-kernel/gentoo-sources-4.4.176: efc2e58391a39331474b32aca3955f2c639f4aa7 awaiting stabilization Long been stabilized |