CVE-2017-17805

CWE-20Improper Input Validation16 documents8 sources
Severity
7.8HIGH
EPSS
0.0%
top 94.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux Linux KernelCanonical Ubuntu LinuxDebian Debian Linux+5 more
Timeline
PublishedDec 20
Latest updateMay 14

Description

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel2.6.253.2.97+6
Debianlinux< 4.14.7-1+3
NVDopensuse/leap42.2

Also affects: Debian Linux 8.0, 9.0, Linux Enterprise 12, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-h6gr-h9qh-f94v: The Salsa20 encryption algorithm in the Linux kernel before 42022-05-14
CVEList
CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel before 42017-12-20
OSV
CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel before 42017-12-20

📋Vendor Advisories

10
Ubuntu
Linux kernel (Azure) vulnerabilities2018-04-24
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-04-05
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-04-05
Ubuntu
Linux kernel vulnerabilities2018-04-04
Ubuntu
Linux kernel vulnerabilities2018-04-04

💬Community

2
Bugzilla
CVE-2017-17805 kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service2017-12-21
Bugzilla
CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 kernel: various flaws [fedora-all]2017-12-21