APPLIED: [SRU][M][PATCH 0/1] CVE-2024-26789

[Roxana Nicolescu]

On 12/04/2024 00:36, Bethany Jamison wrote:
> [Impact]
>
>   In the Linux kernel, the following vulnerability has been resolved:
>
>   crypto: arm64/neonbs - fix out-of-bounds access on short input
>
>   The bit-sliced implementation of AES-CTR operates on blocks of 128
>   bytes, and will fall back to the plain NEON version for tail blocks or
>   inputs that are shorter than 128 bytes to begin with.
>
>   It will call straight into the plain NEON asm helper, which performs all
>   memory accesses in granules of 16 bytes (the size of a NEON register).
>   For this reason, the associated plain NEON glue code will copy inputs
>   shorter than 16 bytes into a temporary buffer, given that this is a rare
>   occurrence and it is not worth the effort to work around this in the asm
>   code.
>
>   The fallback from the bit-sliced NEON version fails to take this into
>   account, potentially resulting in out-of-bounds accesses. So clone the
>   same workaround, and use a temp buffer for short in/outputs.
>
> [Fix]
>
> Mantic:	Clean cherry-pick.
> Jammy:	not-affected
> Focal:	not-affected
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affected those who use the crypto API framework, and issue
> with this fix would be visable with unpredicted behavior or potentially
> a system crash.
>
> Ard Biesheuvel (1):
>    crypto: arm64/neonbs - fix out-of-bounds access on short input
>
>   arch/arm64/crypto/aes-neonbs-glue.c | 11 +++++++++++
>   1 file changed, 11 insertions(+)
>
Applied to mantic master-next branch. Thanks!