Vigil@nce - Linux kernel: NULL pointer dereference via mcryptd
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can force a NULL pointer to be dereferenced via
mcryptd in the Linux kernel, in order to trigger a denial of
service.
Impacted products: Linux, openSUSE Leap, Ubuntu.
Severity: 2/4.
Creation date: 17/01/2017.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel includes an implementation of cryptographic
algorithms, which is callable from the user space via a socket of
address type AF_ALG.
However, in the source file "mcryptd.c", the algorithm name is not
validated. When an unknown name is specified, a newly allocated
structure keeps a NULL pointer until an attempt to use it.
A local attacker can therefore force a NULL pointer to be
dereferenced via mcryptd in the Linux kernel, in order to trigger
a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-NULL-pointer-dereference-via-mcryptd-21596