APPLIED: [SRU][J][PATCH 0/1] CVE-2024-42158
Roxana Nicolescu
roxana.nicolescu at canonical.com
Fri Oct 18 12:55:59 UTC 2024
On 11/10/2024 16:54, Massimiliano Pellizzer wrote:
> [Impact]
>
> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
>
> Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
> warnings reported by Coccinelle.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Backported from linux-6.9.y
> Focal: Not affected
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the s390 cryptographic driver. An issue with the fix may
> lead to improper memory sanitization, potentially leaving cryptographic
> keys exposed in memory. This could result in a potential data leak.
>
> Jules Irenge (1):
> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
>
> drivers/s390/crypto/pkey_api.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
Applied to jammy:linux master-next branch. Thanks!
More information about the kernel-team
mailing list