Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's Crypto CAAM module can lead to DMA corruption when handling HMAC keys longer than the block size. The issue arises because the memory for the key copy is not properly allocated to align with DMA cache requirements, potentially causing the hashed key to overwrite adjacent memory. This vulnerability affects several versions of the Linux kernel.
The vulnerability can cause memory corruption, where the hashed key overwrites neighboring memory, leading to undefined behavior or potential exploitation.
To reproduce this vulnerability, supply an HMAC key longer than the block size to the Crypto CAAM module. The key will be copied and hashed into the actual key, but the memory allocation for the copy will not be properly aligned. Because of this misalignment, the hashed key can corrupt adjacent memory, demonstrating the vulnerability.
The vulnerability has been addressed by modifying the memory allocation method to ensure proper alignment. Users should update to the latest version of the Linux kernel where this fix has been applied.
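The following added example is a simplified userspace model, not the kernel's code or the actual patch. It shows one way a DMA buffer that ends mid-cache-line can corrupt a neighbouring object, and why rounding the allocation up to the cache alignment avoids it. The 64-byte line size, the back-to-back toy allocator, the 32-byte digest and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHE_LINE 64u   /* assumed DMA cache alignment; platform-specific in reality */
#define ARENA 512u

/* Round len up to a whole number of cache lines. */
static size_t dma_padded_len(size_t len)
{
    return (len + CACHE_LINE - 1) & ~(size_t)(CACHE_LINE - 1);
}

/* Returns 1 if a neighbouring object keeps its value after the DMA completes.
 * keylen must be <= ARENA - 2 * CACHE_LINE. */
static int neighbour_survives(size_t keylen, int pad)
{
    uint8_t ram[ARENA] = {0};   /* what the device sees */
    uint8_t cpu[ARENA] = {0};   /* what the CPU sees through its cache */
    size_t alloc = pad ? dma_padded_len(keylen) : keylen;
    size_t nb = alloc;          /* toy allocator: next object starts right after */
    size_t span = dma_padded_len(keylen);   /* lines touched by the key buffer */

    memset(cpu, 0x11, keylen);          /* CPU copies the long key in ... */
    memcpy(ram, cpu, keylen);           /* ... and flushes it for the device */
    memset(cpu + nb, 0xAA, 8);          /* CPU updates neighbour; still only in cache */
    memset(ram, 0x22, 32);              /* device writes the digest over the key */
    memcpy(cpu, ram, span);             /* invalidate: whole lines reloaded from RAM */

    for (size_t i = 0; i < 8; i++)
        if (cpu[nb + i] != 0xAA)
            return 0;                   /* neighbour's pending write was lost */
    return 1;
}

int main(void)
{
    printf("keylen=100 exact-size: neighbour %s\n",
           neighbour_survives(100, 0) ? "intact" : "corrupted");
    printf("keylen=100 padded to %zu: neighbour %s\n",
           dma_padded_len(100), neighbour_survives(100, 1) ? "intact" : "corrupted");
    return 0;
}
```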