Main Vulnerability Database SB2017052321

SB2017052321 - NULL pointer dereference in Linux kernel crypto

Published: May 23, 2017

Security Bulletin ID SB2017052321

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2017-9211)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the crypto_init_skcipher_ops_ablkcipher() and crypto_skcipher_init_tfm() functions in crypto/skcipher.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9
https://github.com/torvalds/linux/commit/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
https://patchwork.kernel.org/patch/9718933/