Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's AEAD (Authenticated Encryption with Associated Data) crypto algorithms has been identified, stemming from improper handling of the request size. The issue arises from a change introduced in the crypto API, where a new request size field was added to the crypto algorithm structure. This change was intended to standardize request size handling across different types of crypto algorithms. However, in AEAD algorithms, this new request size field was not properly integrated, leading to memory corruption and crashes. The vulnerability affects the Linux kernel stable tree.
The vulnerability can cause memory corruption and crashes in systems using the affected AEAD crypto algorithms.
The vulnerability can be reproduced by using AEAD crypto algorithms that have not been properly updated to handle the new request size field introduced in the crypto API. This can lead to memory corruption and crashes when the algorithms are used.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel documentation.