Linux Kernel Poly1305 Out-of-Bounds Read Vulnerability

Vulnerability

An out-of-bounds read vulnerability has been identified in the Linux kernel's Poly1305 implementation for ARM64. The issue is in the 'neon_poly1305_blocks' function, whose logic incorrectly initializes state variables; it surfaced as a KASAN (Kernel Address Sanitizer) error during fuzzing. The vulnerability allows reading memory beyond allocated boundaries, which can potentially be exploited to access sensitive information or cause memory corruption.

Impact

Exploitation of this vulnerability leads to an out-of-bounds read, allowing memory access beyond allocated buffers. This can result in information disclosure or memory corruption, depending on the accessed data.

Reproduction

The vulnerability can be reproduced by compiling a kernel module that uses the Poly1305 cryptographic hash function. The module should allocate a buffer for the Poly1305 key, leaving one byte uninitialized, and then use the 'crypto_shash_tfm_digest' function to process the key. This triggers the out-of-bounds read by causing the 'neon_poly1305_blocks' function to incorrectly initialize the state variables, allowing KASAN to report the memory access error.
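For triage on KASAN-enabled ARM64 test kernels, the report described above can be picked out of a kernel log by its faulting symbol. The following is an added example, not code from the advisory or the kernel project; the sample log is constructed, and its module name, offsets, addresses, sizes and task names are assumptions that follow the standard KASAN report layout.

```python
import re

# KASAN report header, e.g.
# "BUG: KASAN: slab-out-of-bounds in func.constprop.0+0x1a0/0x240 [module]"
HEADER = re.compile(
    r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<symbol>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?: \[(?P<module>\w+)\])?"
)
# Access line that follows the header:
# "Read of size 4 at addr ffff... by task name/pid"
ACCESS = re.compile(
    r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
    r"by task (?P<task>\S+)/(?P<pid>\d+)"
)

def find_kasan_reports(log_text, function="neon_poly1305_blocks"):
    """Return one dict per KASAN report whose faulting symbol is `function`
    (compiler suffixes such as .constprop.0 are ignored)."""
    reports, current = [], None
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            # A new report starts; track it only if the symbol matches.
            base = header["symbol"].split(".", 1)[0]
            current = None
            if base == function:
                current = {"kind": header["kind"], "symbol": header["symbol"],
                           "module": header["module"]}
                reports.append(current)
            continue
        access = ACCESS.search(line)
        if access and current is not None and "op" not in current:
            current.update(op=access["op"].lower(), size=int(access["size"]),
                           addr=access["addr"], task=access["task"],
                           pid=int(access["pid"]))
    return reports

# Constructed sample log (all values below are made up for illustration).
SAMPLE_LOG = """\
[  101.000001] BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1a0/0x240 [poly1305_neon]
[  101.000002] Read of size 4 at addr ffff000012345010 by task insmod/4242
[  101.000003] CPU: 1 PID: 4242 Comm: insmod Not tainted
[  205.000001] BUG: KASAN: use-after-free in example_other_func+0x10/0x80
[  205.000002] Write of size 8 at addr ffff0000deadb000 by task kworker/77
"""

if __name__ == "__main__":
    for report in find_kasan_reports(SAMPLE_LOG):
        print(report)
```

A match only shows that the code path was hit on a sanitizer-enabled kernel; production kernels are normally built without KASAN and will not log this report.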

Remediation

Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been patched.

Added: Jun 18, 2025, 12:51 PM
Updated: Jun 18, 2025, 12:51 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.