| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122834-CVE-2024-56690-b77f@gregkh>
Date: Sat, 28 Dec 2024 10:45:42 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-56690: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for
PADATA_RESET"), the pcrypt encryption and decryption operations return
-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is
generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns
-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.
Fix this issue by calling crypto layer directly without parallelization
in that case.
The Linux kernel CVE team has assigned CVE-2024-56690 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.19.300 with commit 039fec48e062504f14845124a1a25eb199b2ddc0 and fixed in 4.19.325 with commit dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
Issue introduced in 5.4.262 with commit c9c1334697301c10e6918d747ed38abfbc0c96e7 and fixed in 5.4.287 with commit fca8aed12218f96b38e374ff264d78ea1fbd23cc
Issue introduced in 5.10.202 with commit e97bf4ada7dddacd184c3e196bd063b0dc71b41d and fixed in 5.10.231 with commit a92ccd3618e42333ac6f150ecdac14dca298bc7a
Issue introduced in 5.15.140 with commit 546c1796ad1ed0d87dab3c4b5156d75819be2316 and fixed in 5.15.174 with commit 96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
Issue introduced in 6.1.64 with commit c55fc098fd9d2dca475b82d00ffbcaf97879d77e and fixed in 6.1.120 with commit 92834692a539b5b7f409e467a14667d64713b732
Issue introduced in 6.6.3 with commit 372636debe852913529b1716f44addd94fff2d28 and fixed in 6.6.64 with commit 5edae7a9a35606017ee6e05911c290acee9fee5a
Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.11.11 with commit a8e0074ffb38c9a5964a221bb998034d016c93a2
Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.12.2 with commit 7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.13-rc1 with commit 662f2f13e66d3883b9238b0b96b17886179e60e2
Issue introduced in 4.14.331 with commit fb2d3a50a8f29a3c66682bb426144f40e32ab818
Issue introduced in 6.5.13 with commit e134f3aba98e6c801a693f540912c2d493718ddf
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-56690
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
crypto/pcrypt.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc
https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a
https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732
https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a
https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2
https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2
Powered by blists - more mailing lists