The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
19 Jan 2023, 15:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* |
|
First Time |
Canonical
Canonical ubuntu Linux |
|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:3083 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3620-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2948 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3632-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3617-3/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3619-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3620-2/ - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2018/dsa-4082 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:3096 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2473 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3617-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3617-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3619-2/ - Third Party Advisory |
Information
Published : 2017-12-20 23:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-17805
Mitre link : CVE-2017-17805
CVE.ORG link : CVE-2017-17805
JSON object : View
Products Affected
opensuse
- leap
canonical
- ubuntu_linux
opensuse_project
- leap
suse
- linux_enterprise_server_for_raspberry_pi
- linux_enterprise_server
- linux_enterprise_desktop
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-20
Improper Input Validation