Description
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.
Product status
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before df22c9a65e9a9daa368a72fed596af9d7d5876bb
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before fee86edf5803f1d1f19e3b4f2dacac241bddfa48
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before 767e8349f7e929b7dd95c08f0b4cb353459b365e
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before b0a9609283a5c852addb513dafa655c61eebc1ef
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before 161bdc90fce25bd9890adc67fa1c8563a7acbf40
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before 9532ff0d0e90ff78a214299f594ab9bac81defe4
104880a6b470958ddc30e139c41aa4f6ed3a5234 (git) before 2397e9264676be7794f8f7f1e9763d90bd3c7335
4.3
Any version before 4.3
5.10.249 (semver)
5.15.199 (semver)
6.1.162 (semver)
6.6.122 (semver)
6.12.68 (semver)
6.18.8 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/df22c9a65e9a9daa368a72fed596af9d7d5876bb
git.kernel.org/...c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48
git.kernel.org/...c/767e8349f7e929b7dd95c08f0b4cb353459b365e
git.kernel.org/...c/b0a9609283a5c852addb513dafa655c61eebc1ef
git.kernel.org/...c/161bdc90fce25bd9890adc67fa1c8563a7acbf40
git.kernel.org/...c/9532ff0d0e90ff78a214299f594ab9bac81defe4
git.kernel.org/...c/2397e9264676be7794f8f7f1e9763d90bd3c7335