Linux Kernel Atmel SHA204A OOM TFM Count Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Atmel SHA204A cryptographic driver has been addressed. When a memory allocation failed, the driver did not manage its transformation count correctly, which could cause future read operations to be blocked. This vulnerability was present in the stable version of the Linux kernel.

Impact

The vulnerability could lead to a denial of service: read operations are blocked, so future reads fail.

Reproduction

The vulnerability can be reproduced by triggering a memory allocation failure in the Atmel SHA204A random number generator driver. This can be done by simulating low memory conditions or by modifying the driver to force a failure in the memory allocation process. Once the allocation fails, the driver does not properly decrement the transformation count, which can block subsequent read operations from the random number generator.
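The error path described above, as a user-space model added here for illustration; it is not the kernel driver's code. The struct, the function names, the `fail_alloc` fault-injection flag and the rule that only one read may be in flight are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's per-device state (names assumed). */
struct rng_dev {
    int tfm_count;   /* reads in flight; this model allows at most one */
    bool fail_alloc; /* fault injection: the next allocation returns NULL */
};

/* Model of a non-blocking read; 'fixed' selects the corrected error path. */
static int model_read(struct rng_dev *d, void *out, size_t max, bool fixed)
{
    if (d->tfm_count != 0)
        return 0;                /* slot taken: caller gets no data */
    d->tfm_count++;              /* claim the single in-flight slot */
    void *work = d->fail_alloc ? NULL : malloc(max); /* per-read work context */
    d->fail_alloc = false;       /* the injected failure is one-shot */
    if (!work) {
        if (fixed)
            d->tfm_count--;      /* fix: release the slot before returning */
        return -ENOMEM;          /* unfixed: returns with the slot still held */
    }
    memset(out, 0xA5, max);      /* constructed bytes standing in for RNG output */
    free(work);
    d->tfm_count--;              /* normal completion releases the slot */
    return (int)max;
}

/* One injected allocation failure, then count later reads that return data. */
static int reads_served_after_oom(bool fixed, int tries)
{
    struct rng_dev d = { 0, true };
    unsigned char buf[8];
    int served = 0;
    if (model_read(&d, buf, sizeof buf, fixed) != -ENOMEM)
        return -1;
    for (int i = 0; i < tries; i++)
        served += model_read(&d, buf, sizeof buf, fixed) > 0;
    return served;
}

int main(void)
{
    printf("unfixed: %d/5 reads served, fixed: %d/5\n",
           reads_served_after_oom(false, 5), reads_served_after_oom(true, 5));
    return 0;
}
```

In the unfixed path a single failed allocation leaves the count at one, so every later read returns no data even though memory is available again.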

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the Linux kernel can be found in the official Linux documentation or through the package manager for your Linux distribution.

Added: Apr 3, 2026, 4:34 PM
Updated: Apr 3, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 5.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.