cve/published/2024/CVE-2024-56690.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-56690: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

 Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for
 PADATA_RESET"), the pcrypt encryption and decryption operations return
 -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is
 generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns
 -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.
 Fix this issue by calling crypto layer directly without parallelization
 in that case.

 The Linux kernel CVE team has assigned CVE-2024-56690 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19.300 with commit 039fec48e062504f14845124a1a25eb199b2ddc0 and fixed in 4.19.325 with commit dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
 	Issue introduced in 5.4.262 with commit c9c1334697301c10e6918d747ed38abfbc0c96e7 and fixed in 5.4.287 with commit fca8aed12218f96b38e374ff264d78ea1fbd23cc
 	Issue introduced in 5.10.202 with commit e97bf4ada7dddacd184c3e196bd063b0dc71b41d and fixed in 5.10.231 with commit a92ccd3618e42333ac6f150ecdac14dca298bc7a
 	Issue introduced in 5.15.140 with commit 546c1796ad1ed0d87dab3c4b5156d75819be2316 and fixed in 5.15.174 with commit 96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
 	Issue introduced in 6.1.64 with commit c55fc098fd9d2dca475b82d00ffbcaf97879d77e and fixed in 6.1.120 with commit 92834692a539b5b7f409e467a14667d64713b732
 	Issue introduced in 6.6.3 with commit 372636debe852913529b1716f44addd94fff2d28 and fixed in 6.6.64 with commit 5edae7a9a35606017ee6e05911c290acee9fee5a
 	Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.11.11 with commit a8e0074ffb38c9a5964a221bb998034d016c93a2
 	Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.12.2 with commit 7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
 	Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.13 with commit 662f2f13e66d3883b9238b0b96b17886179e60e2
 	Issue introduced in 4.14.331 with commit fb2d3a50a8f29a3c66682bb426144f40e32ab818
 	Issue introduced in 6.5.13 with commit e134f3aba98e6c801a693f540912c2d493718ddf

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-56690
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	crypto/pcrypt.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
 	https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc
 	https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a
 	https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
 	https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732
 	https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a
 	https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2
 	https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
 	https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-56690: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

	Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for
	PADATA_RESET"), the pcrypt encryption and decryption operations return
	-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is
	generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns
	-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.
	Fix this issue by calling crypto layer directly without parallelization
	in that case.

	The Linux kernel CVE team has assigned CVE-2024-56690 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19.300 with commit 039fec48e062504f14845124a1a25eb199b2ddc0 and fixed in 4.19.325 with commit dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
	Issue introduced in 5.4.262 with commit c9c1334697301c10e6918d747ed38abfbc0c96e7 and fixed in 5.4.287 with commit fca8aed12218f96b38e374ff264d78ea1fbd23cc
	Issue introduced in 5.10.202 with commit e97bf4ada7dddacd184c3e196bd063b0dc71b41d and fixed in 5.10.231 with commit a92ccd3618e42333ac6f150ecdac14dca298bc7a
	Issue introduced in 5.15.140 with commit 546c1796ad1ed0d87dab3c4b5156d75819be2316 and fixed in 5.15.174 with commit 96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
	Issue introduced in 6.1.64 with commit c55fc098fd9d2dca475b82d00ffbcaf97879d77e and fixed in 6.1.120 with commit 92834692a539b5b7f409e467a14667d64713b732
	Issue introduced in 6.6.3 with commit 372636debe852913529b1716f44addd94fff2d28 and fixed in 6.6.64 with commit 5edae7a9a35606017ee6e05911c290acee9fee5a
	Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.11.11 with commit a8e0074ffb38c9a5964a221bb998034d016c93a2
	Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.12.2 with commit 7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
	Issue introduced in 6.7 with commit 8f4f68e788c3a7a696546291258bfa5fdb215523 and fixed in 6.13 with commit 662f2f13e66d3883b9238b0b96b17886179e60e2
	Issue introduced in 4.14.331 with commit fb2d3a50a8f29a3c66682bb426144f40e32ab818
	Issue introduced in 6.5.13 with commit e134f3aba98e6c801a693f540912c2d493718ddf

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-56690
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	crypto/pcrypt.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
	https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc
	https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a
	https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
	https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732
	https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a
	https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2
	https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
	https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2