CVE-2011-4081

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

From the Ubuntu Security Team

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1292-1
• Linux kernel (Maverick backport) vulnerabilities
• 8 December 2011
• USN-1302-1
• Linux kernel (OMAP4) vulnerabilities
• 13 December 2011
• USN-1299-1
• Linux kernel (EC2) vulnerabilities
• 13 December 2011
• USN-1322-1
• Linux kernel vulnerability
• 9 January 2012
• USN-1301-1
• Linux kernel (Natty backport) vulnerabilities
• 13 December 2011
• USN-1312-1
• Linux kernel vulnerabilities
• 19 December 2011
• USN-1303-1
• Linux kernel (Marvell DOVE) vulnerabilities
• 13 December 2011
• USN-1293-1
• Linux kernel vulnerabilities
• 8 December 2011
• USN-1311-1
• Linux kernel vulnerabilities
• 19 December 2011
• USN-1304-1
• Linux kernel (OMAP4) vulnerabilities
• 13 December 2011
• USN-1287-1
• Linux (OMAP4) vulnerability
• 5 December 2011
• USN-1313-1
• Linux Kernel (Oneiric backport) vulnerability
• 19 December 2011

Other references

• https://www.cve.org/CVERecord?id=CVE-2011-4081