APPLIED: [SRU][F][PATCH 0/1] CVE-2024-42229

[Stefan Bader]

On 17.09.24 00:20, Bethany Jamison wrote:
> [Impact]
> 
> crypto: aead,cipher - zeroize key buffer after use
> 
> I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
> cryptographic information should be zeroized once they are no longer
> needed. Accomplish this by using kfree_sensitive for buffers that
> previously held the private key.
> 
> [Fix]
> 
> Noble:	pending (6.8.0-46.46)
> Jammy:	released
> Focal:	Backported from linux-5.10.y - ignored context conflict from
> 	neighboring line, missing commit (e8cfed5); changed
> 	'kfree_sensitive' to 'kzfree' to fix conflict
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	won't fix
> 
> [Test Case]
> 
> Compile tested.
> 
> [Where problems could occur]
> 
> This fix affects those who use AEAD algorithms or single-block cipher
> operations, an issue with this fix would be visible to the user if
> sensitive information was found after use on the buffer.
> 
> Hailey Mothershead (1):
>    crypto: aead,cipher - zeroize key buffer after use
> 
>   crypto/aead.c   | 3 +--
>   crypto/cipher.c | 3 +--
>   2 files changed, 2 insertions(+), 4 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240925/262c5fec/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240925/262c5fec/attachment-0001.sig>