ACK: [SRU][M][PATCH 0/1] CVE-2024-26789

[Andrei Gherzan]

On 24/04/11 05:36PM, Bethany Jamison wrote:
> [Impact]
> 
>  In the Linux kernel, the following vulnerability has been resolved:
> 
>  crypto: arm64/neonbs - fix out-of-bounds access on short input
> 
>  The bit-sliced implementation of AES-CTR operates on blocks of 128
>  bytes, and will fall back to the plain NEON version for tail blocks or
>  inputs that are shorter than 128 bytes to begin with.
> 
>  It will call straight into the plain NEON asm helper, which performs all
>  memory accesses in granules of 16 bytes (the size of a NEON register).
>  For this reason, the associated plain NEON glue code will copy inputs
>  shorter than 16 bytes into a temporary buffer, given that this is a rare
>  occurrence and it is not worth the effort to work around this in the asm
>  code.
> 
>  The fallback from the bit-sliced NEON version fails to take this into
>  account, potentially resulting in out-of-bounds accesses. So clone the
>  same workaround, and use a temp buffer for short in/outputs.
> 
> [Fix]
> 
> Mantic:	Clean cherry-pick.
> Jammy:	not-affected
> Focal:	not-affected
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This fix affected those who use the crypto API framework, and issue
> with this fix would be visable with unpredicted behavior or potentially
> a system crash.
> 
> Ard Biesheuvel (1):
>   crypto: arm64/neonbs - fix out-of-bounds access on short input
> 
>  arch/arm64/crypto/aes-neonbs-glue.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>

Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>

-- 
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240423/5fc21309/attachment.sig>