In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl.
Without this, the gcm-aes-s390 driver will oops when it tries to do gcm_walk_start() on req->dst because req->dst is set to the value of areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling aead_request_set_crypt().
The problem comes if an empty ciphertext is passed: the loop in af_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl up.
This isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far as I can tell, that ignores req->dst and only uses req->src[*].
[*] Is this a bug in aesni-intel_glue.c?
The s390x oops looks something like:
Unable to handle kernel pointer dereference in virtual kernel address space
Failing address: 0000000a00000000 TEID: 0000000a00000803
Fault in home space mode while using kernel ASCE.
AS:00000000a43a0007 R3:0000000000000024
Oops: 003b ilc:2 [#1] SMP
...
Call Trace:
 [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390]
 [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8
 [<00000000a2a60888>] aead_recvmsg+0x478/0x698
 [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0
 [<00000000a2e51a56>] sock_read_iter+0x76/0xa0
 [<00000000a273e066>] vfs_read+0x26e/0x2a8
 [<00000000a273e8c4>] ksys_read+0xbc/0x100
 [<00000000a311d808>] __do_syscall+0x1d0/0x1f8
 [<00000000a312ff30>] system_call+0x70/0x98
Last Breaking-Event-Address:
 [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]
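As an added illustration (not code from the kernel or from the fix commit), the following C model reproduces the initialisation-ordering defect described above: the allocator leaves first_rsgl.sgt.sgl unset, the receive-side loop only sets it when there is ciphertext to map, so an empty request hands the driver a stray req->dst. The struct shapes, the garbage fill and the function names alloc_areq, get_rsgl, dst_is_valid and recv_dst_valid are simplified stand-ins, not the real kernel types or functions.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins (assumption: modelled loosely on struct scatterlist,
 * struct sg_table and struct af_alg_sgl; not the real kernel definitions). */
struct scatterlist { void *page; unsigned int length; };
struct sg_table { struct scatterlist *sgl; unsigned int nents; };
struct af_alg_sgl { struct sg_table sgt; struct scatterlist sgl[4]; };
struct af_alg_async_req { struct af_alg_sgl first_rsgl; size_t outlen; };

/* Models af_alg_alloc_areq(). The 0xa5 fill stands in for the uninitialised
 * contents of freshly kmalloc'd memory. */
static void alloc_areq(struct af_alg_async_req *areq, int with_fix)
{
	memset(areq, 0xa5, sizeof(*areq));
	if (with_fix)   /* the fix: point sgt.sgl at the embedded array up front */
		areq->first_rsgl.sgt.sgl = areq->first_rsgl.sgl;
	areq->outlen = 0;
}

/* Models the loop in af_alg_get_rsgl(): it only touches first_rsgl when
 * there is ciphertext to map, so an empty ciphertext skips it entirely. */
static void get_rsgl(struct af_alg_async_req *areq, size_t len)
{
	if (len == 0)
		return;
	areq->first_rsgl.sgt.sgl = areq->first_rsgl.sgl;
	areq->first_rsgl.sgl[0].page = NULL;  /* would be a pinned user page */
	areq->first_rsgl.sgl[0].length = (unsigned int)len;
	areq->first_rsgl.sgt.nents = 1;
}

/* Models aead_request_set_crypt() followed by the driver's walk over req->dst:
 * 1 if dst points at the embedded scatterlist array, 0 if it is a stray value. */
static int dst_is_valid(const struct af_alg_async_req *areq)
{
	const struct scatterlist *dst = areq->first_rsgl.sgt.sgl;
	return dst == areq->first_rsgl.sgl;
}

/* Drives one AEAD recvmsg with ctlen bytes of ciphertext and reports whether
 * the driver would have received a usable req->dst. */
int recv_dst_valid(size_t ctlen, int with_fix)
{
	struct af_alg_async_req areq;
	alloc_areq(&areq, with_fix);
	get_rsgl(&areq, ctlen);
	return dst_is_valid(&areq);
}
```

Only the (empty ciphertext, no fix) combination yields a stray dst, which is the case the s390 oops above exercises.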
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53599.json",
"cna_assigner": "Linux"
}