[SRU][J][PATCH 0/1] CVE-2024-42158
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Fri Oct 11 14:54:13 UTC 2024
[Impact]
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
warnings reported by Coccinelle.
[Fix]
Noble: Fixed
Jammy: Backported from linux-6.9.y
Focal: Not affected
Bionic: Not affected
Xenial: Not affected
[Test Case]
Compile tested only.
[Where problems could occur]
The fix affects the s390 cryptographic driver. An issue with the fix may
lead to improper memory sanitization, potentially leaving cryptographic
keys exposed in memory. This could result in a potential data leak.
Jules Irenge (1):
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
drivers/s390/crypto/pkey_api.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--
2.43.0
More information about the kernel-team
mailing list