QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-17805

Back to search

CVE-2017-17805

Published: Dec 20, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2018:3083
vendor-advisory
x_refsource_REDHAT
USN-3617-1
vendor-advisory
x_refsource_UBUNTU
USN-3619-2
vendor-advisory
x_refsource_UBUNTU
DSA-4082
vendor-advisory
x_refsource_DEBIAN
USN-3617-3
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2018:0012
vendor-advisory
x_refsource_SUSE
SUSE-SU-2018:0011
vendor-advisory
x_refsource_SUSE
USN-3632-1
vendor-advisory
x_refsource_UBUNTU
USN-3620-2
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2018:0022
vendor-advisory
x_refsource_SUSE
102291
vdb-entry
x_refsource_BID
RHSA-2018:2948
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2018:0010
vendor-advisory
x_refsource_SUSE
DSA-4073
vendor-advisory
x_refsource_DEBIAN
USN-3617-2
vendor-advisory
x_refsource_UBUNTU
USN-3620-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3096
vendor-advisory
x_refsource_REDHAT
USN-3619-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2018:0023
vendor-advisory
x_refsource_SUSE
RHSA-2019:2473
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now