Linux Kernel GCM-AES-S390 Driver Initialization Vulnerability

Vulnerability

A vulnerability in the Linux kernel's AF_ALG crypto interface affects the GCM-AES-S390 driver. The driver fails to properly initialize a key data structure, which leads to a kernel crash (oops) when it processes certain requests. The problem occurs specifically when an empty ciphertext is received: the driver then attempts to access memory through an uninitialized reference. The vulnerability is present in the stable versions of the Linux kernel.

Impact

The vulnerability causes an invalid kernel pointer dereference, leading to a crash on s390x systems. This type of error occurs when the kernel tries to access a memory address that is not valid, causing a fault that can disrupt system operations.

Reproduction

The vulnerability can be reproduced by sending a request to the GCM-AES-S390 driver through the AF_ALG crypto interface that includes an empty ciphertext. This will trigger the driver's decryption process, which relies on the uninitialized data structure, causing a kernel crash.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.
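
An exposure check to run when planning the upgrade, added here as an example (it is not code from this advisory or from the kernel project): it parses /proc/crypto and reports whether the gcm-aes-s390 driver is registered and whether it is the highest-priority implementation of its algorithm name. The function names and the embedded sample records are constructed for illustration.

```python
import platform
from pathlib import Path

DRIVER = "gcm-aes-s390"  # driver named in the advisory

# Constructed sample in /proc/crypto format; the values are illustrative.
SAMPLE_PROC_CRYPTO = """\
name         : gcm(aes)
driver       : gcm-aes-s390
module       : aes_s390
priority     : 400
type         : aead

name         : gcm(aes)
driver       : gcm_base(ctr(aes-generic),ghash-generic)
module       : gcm
priority     : 100
type         : aead
"""

def parse_proc_crypto(text):
    """Split /proc/crypto text into one dict per registered algorithm."""
    records = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            records.append(fields)
    return records

def assess(text, machine):
    """Report whether DRIVER is registered and whether it is the
    highest-priority provider of its algorithm name."""
    records = parse_proc_crypto(text)
    hit = next((r for r in records if r.get("driver") == DRIVER), None)
    if hit is None:
        return {"arch": machine, "registered": False, "preferred": False}
    same = [r for r in records if r.get("name") == hit.get("name")]
    best = max(same, key=lambda r: int(r.get("priority", 0)))
    return {"arch": machine, "registered": True,
            "algorithm": hit.get("name"), "preferred": best is hit}

if __name__ == "__main__":
    proc = Path("/proc/crypto")
    text = proc.read_text() if proc.exists() else SAMPLE_PROC_CRYPTO
    print(assess(text, platform.machine()))
```

A registered driver shows that the affected code is present on the host, not whether the running kernel already includes the fix.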

Added: Oct 4, 2025, 4:42 PM
Updated: Oct 4, 2025, 4:42 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.