Linux Kernel Crypto Library Sequence IV Generator Request Handling Vulnerability

A vulnerability exists in the Linux kernel's crypto library, specifically within the sequence IV generator used for authenticated encryption. The issue arises because the function 'crypto_aead_encrypt' can free the underlying request before it completes, making it unsafe to access 'req->iv' afterwards. This vulnerability affects the Linux kernel stable group.

Impact

The vulnerability could lead to undefined behavior by allowing invalid memory access, potentially causing a use-after-free condition.

Reproduction

The vulnerability can be reproduced by calling the 'crypto_aead_encrypt' function with a request that is then asynchronously completed, freeing the request before it can be safely used. This can be done by creating an encryption request that is not aligned properly and then processing it in a way that allows the asynchronous completion to free the request before the IV can be accessed.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.