qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Centos-kernel-stream-9/crypto
History
CKI Backport Bot d023d45290 crypto: algif_hash - fix double free in hash_accept 
JIRA: https://issues.redhat.com/browse/RHEL-102233
CVE: CVE-2025-38079

commit b2df03ed4052e97126267e8c13ad4204ea6ba9b6
Author: Ivan Pravdin <ipravdin.official@gmail.com>
Date:   Sun May 18 18:41:02 2025 -0400

    crypto: algif_hash - fix double free in hash_accept

    If accept(2) is called on socket type algif_hash with
    MSG_MORE flag set and crypto_ahash_import fails,
    sk2 is freed. However, it is also freed in af_alg_release,
    leading to slab-use-after-free error.

    Fixes: fe869cdb89 ("crypto: algif_hash - User-space interface for hash operations")
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>
 		2025-07-08 05:09:28 +00:00
..
asymmetric_keys certs: Add ECDSA signature verification self-test 2025-03-06 08:36:23 +08:00
async_tx async_xor: Remove unused 'async_xor_val' 2025-03-21 14:55:02 -04:00
842.c
Kconfig crypto,fs: Separate out hkdf_extract() and hkdf_expand() 2025-05-09 07:27:10 +02:00
Makefile crypto,fs: Separate out hkdf_extract() and hkdf_expand() 2025-05-09 07:27:10 +02:00
acompress.c
adiantum.c
aead.c
aegis.h
aegis128-core.c
aegis128-neon-inner.c
aegis128-neon.c
aes_generic.c
aes_ti.c
af_alg.c net: change proto and proto_ops accept type 2024-12-02 11:12:33 -05:00
ahash.c crypto: hash - Add statesize to crypto_ahash 2024-08-02 19:26:59 -04:00
akcipher.c
algapi.c
algboss.c
algif_aead.c
algif_hash.c crypto: algif_hash - fix double free in hash_accept 2025-07-08 05:09:28 +00:00
algif_rng.c
algif_skcipher.c
ansi_cprng.c
anubis.c
api.c
arc4.c
authenc.c
authencesn.c
blake2b_generic.c
blake2s_generic.c
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast5_generic.c
cast6_generic.c
cast_common.c
cbc.c
ccm.c
cfb.c
chacha20poly1305.c
chacha_generic.c
cipher.c
cmac.c
compress.c
crc32_generic.c
crc32c_generic.c
crc64_rocksoft_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c crypto: engine - Remove prepare/unprepare request 2025-05-19 14:30:46 +02:00
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
ctr.c
cts.c
curve25519-generic.c
deflate.c
des_generic.c
dh.c
dh_helper.c
drbg.c crypto: drbg - ensure drbg hmac sha512 is used in FIPS selftests 2024-08-02 19:27:01 -04:00
ecb.c
ecc.c
ecc.h
ecc_curve_defs.h
ecdh.c
ecdh_helper.c
ecdsa.c
ecdsasignature.asn1
echainiv.c
ecrdsa.c
ecrdsa_defs.h
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
essiv.c
fcrypt.c
fips.c
gcm.c
geniv.c
gf128mul.c
ghash-generic.c
hash_info.c
hkdf.c crypto,fs: Separate out hkdf_extract() and hkdf_expand() 2025-05-09 07:27:10 +02:00
hmac.c
internal.h
jitterentropy-kcapi.c
jitterentropy.c
jitterentropy.h
keywrap.c
khazad.c
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
md4.c
md5.c
memneq.c
michael_mic.c
nhpoly1305.c
ofb.c
pcbc.c
pcrypt.c crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY 2025-02-19 16:46:25 +08:00
poly1305_generic.c
proc.c
ripemd.h
rmd160.c
rng.c crypto: rng - Fix extrng EFAULT handling 2024-12-10 16:39:37 +08:00
rsa-pkcs1pad.c
rsa.c
rsa_helper.c
rsaprivkey.asn1
rsapubkey.asn1
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c
shash.c
simd.c
skcipher.c
sm2.c
sm2signature.asn1
sm3_generic.c
sm4_generic.c
streebog_generic.c
tcrypt.c
tcrypt.h
tea.c
testmgr.c
testmgr.h
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c
xts.c
xxhash_generic.c
zstd.c