Linux Kernel Memory Corruption Vulnerability in Skcipher Algorithms Due to Improper Reqsize Handling

A vulnerability in the Linux kernel's skcipher algorithms has been introduced by a recent change in how request sizes are managed. The addition of the cra_reqsize field in the crypto_alg struct was intended to standardize reqsize handling across different cryptographic algorithms. However, this change has not been properly implemented in skcipher algorithms, leading to memory corruption and crashes. The underlying functions have not been updated to correctly set the reqsize based on the new cra_reqsize field, causing inconsistencies and potential instability in the cryptographic operations.

Impact

Exploitation of this vulnerability can lead to memory corruption and crashes in the affected skcipher algorithms, causing instability and potential disruption of services that rely on these cryptographic functions.

Reproduction

The vulnerability can be reproduced by using skcipher algorithms that have not been updated to handle the new reqsize management introduced in the crypto_alg struct. This can be done by selecting a skcipher algorithm that is affected by the vulnerability and performing cryptographic operations that trigger the reqsize handling. The resulting memory corruption and crash will demonstrate the impact of the vulnerability.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the stable kernel to apply the fix.