Message ID | 20240916222027.134582-1-bethany.jamison@canonical.com |
---|---|
Series | CVE-2024-42229 |

Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com>

On 17-09-2024 00:20, Bethany Jamison wrote:
> [Impact]
>
> crypto: aead,cipher - zeroize key buffer after use
>
> I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
> cryptographic information should be zeroized once they are no longer
> needed. Accomplish this by using kfree_sensitive for buffers that
> previously held the private key.
>
> [Fix]
>
> Noble: pending (6.8.0-46.46)
> Jammy: released
> Focal: Backported from linux-5.10.y - ignored context conflict from
> neighboring line, missing commit (e8cfed5); changed
> 'kfree_sensitive' to 'kzfree' to fix conflict
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix
>
> [Test Case]
>
> Compile tested.
>
> [Where problems could occur]
>
> This fix affects those who use AEAD algorithms or single-block cipher
> operations, an issue with this fix would be visible to the user if
> sensitive information was found after use on the buffer.
>
> Hailey Mothershead (1):
> crypto: aead,cipher - zeroize key buffer after use
>
> crypto/aead.c | 3 +--
> crypto/cipher.c | 3 +--
> 2 files changed, 2 insertions(+), 4 deletions(-)
>

--
Thibault

Acked-by: Mehmet Basaran <mehmet.basaran@canonical.com>

Bethany Jamison <bethany.jamison@canonical.com> writes:
> [Impact]
>
> crypto: aead,cipher - zeroize key buffer after use
>
> I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
> cryptographic information should be zeroized once they are no longer
> needed. Accomplish this by using kfree_sensitive for buffers that
> previously held the private key.
>
> [Fix]
>
> Noble: pending (6.8.0-46.46)
> Jammy: released
> Focal: Backported from linux-5.10.y - ignored context conflict from
> neighboring line, missing commit (e8cfed5); changed
> 'kfree_sensitive' to 'kzfree' to fix conflict
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix
>
> [Test Case]
>
> Compile tested.
>
> [Where problems could occur]
>
> This fix affects those who use AEAD algorithms or single-block cipher
> operations, an issue with this fix would be visible to the user if
> sensitive information was found after use on the buffer.
>
> Hailey Mothershead (1):
> crypto: aead,cipher - zeroize key buffer after use
>
> crypto/aead.c | 3 +--
> crypto/cipher.c | 3 +--
> 2 files changed, 2 insertions(+), 4 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
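
The zeroize-before-free rule from the quoted cover letter, as an added userspace C sketch (not kernel code and not the patch under review): a key is copied into a temporary buffer, used, and released either plainly or with zeroization, and the leftover bytes are counted. All names (pool_alloc, pool_free_sensitive, setkey_via_tmp) and the sample key are constructed for illustration; the static pool replaces the heap only so that residue can be inspected after release.

```c
#include <stdio.h>
#include <string.h>
/* A static pool stands in for the heap so residue can be inspected after
 * release; reading memory already passed to free() would be undefined. */
static unsigned char pool[256];
static size_t pool_used;

static void *pool_alloc(size_t n) {
    if (n > sizeof(pool) - pool_used) return NULL;
    pool_used += n;
    return pool + pool_used - n;
}

/* Plain release: bookkeeping only, the old contents stay in memory. */
static void pool_free(size_t n) { pool_used -= n; }
/* Zeroizing release: volatile stores cannot be dropped as dead writes. */
static void pool_free_sensitive(void *p, size_t n) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < n; i++) v[i] = 0;
    pool_free(n);
}

/* Copy the key into a temporary buffer, use it (XOR-fold as a hypothetical
 * stand-in for a cipher setkey), then release the buffer. */
static int setkey_via_tmp(const unsigned char *key, size_t len, int zeroize) {
    unsigned char tag = 0, *tmp = pool_alloc(len);
    if (!tmp) return -1;
    memcpy(tmp, key, len);
    for (size_t i = 0; i < len; i++) tag ^= tmp[i];
    if (zeroize) pool_free_sensitive(tmp, len); else pool_free(len);
    return tag;
}

/* Number of non-zero bytes left anywhere in the pool. */
static size_t pool_residue(void) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof(pool); i++) n += pool[i] != 0;
    return n;
}

int main(void) {
    unsigned char key[16]; /* constructed sample key: bytes 0x01..0x10 */
    for (int i = 0; i < 16; i++) key[i] = (unsigned char)(i + 1);
    setkey_via_tmp(key, sizeof(key), 0);
    printf("plain release:     %zu non-zero bytes left\n", pool_residue());
    setkey_via_tmp(key, sizeof(key), 1);
    printf("zeroizing release: %zu non-zero bytes left\n", pool_residue());
    return 0;
}
```

In the kernel, kfree_sensitive (named kzfree in older trees, as the Focal note says) plays the role of pool_free_sensitive: it clears the allocation before handing it back.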