Linux Kernel Crypto Subsystem af_alg Module Merge Value Initialization Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's crypto af_alg module, where the context's merge value (ctx->merge) is not properly initialized before use. If an error occurs during the af_alg_sendmsg function, the merge value may retain a garbage value from a previous loop iteration. The next call to af_alg_sendmsg can then crash, because the function attempts a merge operation that is not feasible. The issue has been addressed by ensuring that the merge value is set to zero at the beginning of the processing loop.

Impact

The vulnerability can cause a crash by triggering an invalid merge operation, disrupting the normal execution of the af_alg_sendmsg function.

Reproduction

The vulnerability can be reproduced by invoking the af_alg_sendmsg function in a scenario where an error causes the function to abort prematurely. This leaves ctx->merge without a fresh initialization, still holding a garbage value from the previous loop iteration. The next time af_alg_sendmsg is called, it will attempt to perform a merge based on this invalid value, leading to a crash.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
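
The stale-merge pattern and the early reset described above, as an added userspace toy model (not kernel code and not taken from the patch). The struct, the function names and the no_merge and fail_fill knobs are all constructed for illustration, and the model returns an error code at the point where the page describes a crash.

```c
#include <stddef.h>
#include <string.h>
#define PAGE 8                       /* toy page size */
#define MAX_SLOTS 8
enum { OK = 0, ERR_FILL = -1, ERR_FULL = -2, ERR_BAD_MERGE = -3 };
struct slot { unsigned char data[PAGE]; size_t len; };
struct toy_ctx {                     /* hypothetical stand-in, not the kernel struct */
    struct slot slots[MAX_SLOTS];
    size_t nslots;
    size_t merge;                    /* bytes used in last slot; 0 = nothing to merge */
};

/* no_merge and fail_fill are constructed knobs that force an abort while merge
 * is nonzero; reset_early = 1 selects the fixed behaviour. */
int toy_sendmsg(struct toy_ctx *c, const unsigned char *buf, size_t size,
                int no_merge, int fail_fill, int reset_early)
{
    while (size) {
        if (c->merge && !no_merge) {          /* append to the partly filled slot */
            struct slot *last = c->nslots ? &c->slots[c->nslots - 1] : NULL;
            if (!last || last->len != c->merge) return ERR_BAD_MERGE; /* infeasible merge */
            size_t n = PAGE - c->merge < size ? PAGE - c->merge : size;
            memcpy(last->data + last->len, buf, n);
            last->len += n;
            c->merge = last->len % PAGE;
            buf += n; size -= n;
            continue;
        }
        if (reset_early) c->merge = 0;        /* nothing stale can survive an abort */
        if (c->nslots == MAX_SLOTS) return ERR_FULL;
        struct slot *s = &c->slots[c->nslots++];   /* reserve a new, empty slot */
        s->len = 0;
        if (fail_fill) return ERR_FILL;       /* abort: slot stays reserved and empty */
        size_t n = size < PAGE ? size : PAGE;
        memcpy(s->data, buf, n);
        s->len = n;
        c->merge = no_merge ? 0 : n % PAGE;
        buf += n; size -= n;
    }
    return OK;
}
/* Partial write, aborted write, then a normal write; returns the last result. */
int toy_scenario(int reset_early)
{
    struct toy_ctx c = {0};
    const unsigned char msg[4] = "abc";       /* constructed sample input */
    if (toy_sendmsg(&c, msg, 3, 0, 0, reset_early) != OK) return 1;
    if (toy_sendmsg(&c, msg, 3, 1, 1, reset_early) != ERR_FILL) return 2;
    return toy_sendmsg(&c, msg, 2, 0, 0, reset_early);
}
```

Without the early reset the third call sees a nonzero merge that no longer matches the last slot; with it, the aborted call leaves merge at zero and the third call starts a new slot.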

Added: Oct 4, 2025, 8:42 AM
Updated: Oct 4, 2025, 8:42 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.