388581 – (CVE-2011-4081) Kernel: ghash NULL Pointer Dereference Vulnerability (CVE-2011-4081)

Bug 388581 (CVE-2011-4081) - Kernel: ghash NULL Pointer Dereference Vulnerability (CVE-2011-4081)

Summary: Kernel: ghash NULL Pointer Dereference Vulnerability (CVE-2011-4081)

Status:	RESOLVED OBSOLETE

Alias:	CVE-2011-4081

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	https://secunia.com/advisories/46584/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-10-26 16:58 UTC by Agostino Sarubbo
Modified:	2018-04-04 19:47 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2011-10-26 16:58:37 UTC

From secunia security advisory at $URL:


Description:
The vulnerability is caused due to a NULL pointer dereference error within the implementation of the GHASH algorithm, which can be exploited to e.g. cause a crash via a specially crafted application.

The vulnerability is confirmed in version 2.6.39.4. Other versions may also be affected.


Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-04-04 19:47:50 UTC

There are no longer any 2.x kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.