SB2024061043 - Denial of service in Linux kernel crypto

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2023-52813)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818
• https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0
• https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7
• https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d
• https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316
• https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e
• https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf
• https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28
• https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.331
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7