crypto:s390/aes - 修复 CTR 模式下的缓冲区过度读取 (CVE-2023-52669)

CVE编号

CVE-2023-52669

利用情况

暂无

补丁情况

N/A

披露时间

2024-05-17
漏洞描述
In the Linux kernel, the following vulnerability has been resolved:

crypto: s390/aes - Fix buffer overread in CTR mode

When processing the last block, the s390 ctr code will always read
a whole block, even if there isn't a whole block of data left. Fix
this by using the actual length left and copy it into a buffer first
for processing.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285
https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79
https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b
https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e
https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23
https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 debian_11 linux * Up to
(excluding)
5.10.216-1
运行在以下环境
系统 debian_12 linux * Up to
(excluding)
6.1.76-1
CVSS3评分
N/A
  • 攻击路径
    N/A
  • 攻击复杂度
    N/A
  • 权限要求
    N/A
  • 影响范围
    N/A
  • 用户交互
    N/A
  • 可用性
    N/A
  • 保密性
    N/A
  • 完整性
    N/A
N/A
CWE-ID 漏洞类型
阿里云安全产品覆盖情况