Linux Kernel Crypto CAAM HMAC Key Overflow Vulnerability

A vulnerability in the Linux kernel's Crypto CAAM module can lead to a buffer overflow when handling HMAC keys longer than the block size. The issue arises because the key is copied using 'kmemdup', which can read beyond the intended length, potentially corrupting adjacent memory. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can cause a buffer overflow, leading to memory corruption.

Reproduction

The vulnerability can be reproduced by supplying an HMAC key longer than the block size to a function in the Crypto CAAM module that processes HMAC keys. The key will be improperly handled, causing a buffer overflow by reading extra bytes from the source buffer, which can overwrite adjacent memory.

Remediation

The vulnerability has been addressed by replacing 'kmemdup' with 'kmalloc' followed by 'memcpy' to ensure proper memory allocation and alignment. Users should upgrade to the patched version of the Linux kernel.