From: Greg Kroah-Hartman Date: Tue, 16 Jun 2026 12:06:44 +0000 (+0530) Subject: 5.10-stable patches X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7d12a182f88f8a16bc61860bbcbf8bebdaa078f9;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch --- diff --git a/queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch b/queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch new file mode 100644 index 0000000000..344170ba9f --- /dev/null +++ b/queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch 
@@ -0,0 +1,70 @@ +From 8c2f1288250a90a4b5cabed5d888d7e3aeed4035 Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Sun, 12 Apr 2026 16:19:47 +0200 +Subject: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() + +From: Lukas Wunner + +commit 8c2f1288250a90a4b5cabed5d888d7e3aeed4035 upstream. + +Yiming reports an integer underflow in mpi_read_raw_from_sgl() when +subtracting "lzeros" from the unsigned "nbytes". + +For this to happen, the scatterlist "sgl" needs to occupy more bytes +than the "nbytes" parameter and the first "nbytes + 1" bytes of the +scatterlist must be zero. Under these conditions, the while loop +iterating over the scatterlist will count more zeroes than "nbytes", +subtract the number of zeroes from "nbytes" and cause the underflow. + +When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally +introduced the bug, it couldn't be triggered because all callers of +mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to +"nbytes". + +However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto +interface without scatterlists"), the underflow can now actually be +triggered. When invoking a KEYCTL_PKEY_ENCRYPT system call with a +larger "out_len" than "in_len" and filling the "in" buffer with zeroes, +crypto_akcipher_sync_prep() will create an all-zero scatterlist used for +both the "src" and "dst" member of struct akcipher_request and thereby +fulfil the conditions to trigger the bug: + + sys_keyctl() + keyctl_pkey_e_d_s() + asymmetric_key_eds_op() + software_key_eds_op() + crypto_akcipher_sync_encrypt() + crypto_akcipher_sync_prep() + crypto_akcipher_encrypt() + rsa_enc() + mpi_read_raw_from_sgl() + +To the user this will be visible as a DoS as the kernel spins forever, +causing soft lockup splats as a side effect. + +Fix it. 
+ +Reported-by: Yiming Qian # off-list +Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") +Signed-off-by: Lukas Wunner +Cc: stable@vger.kernel.org # v4.4+ +Reviewed-by: Ignat Korchagin +Reviewed-by: Jarkko Sakkinen +Link: https://lore.kernel.org/r/59eca92ff4f87e2081777f1423a0efaaadcfdb39.1776003111.git.lukas@wunner.de +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + lib/mpi/mpicoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/mpi/mpicoder.c ++++ b/lib/mpi/mpicoder.c +@@ -453,7 +453,7 @@ MPI mpi_read_raw_from_sgl(struct scatter + lzeros = 0; + len = 0; + while (nbytes > 0) { +- while (len && !*buff) { ++ while (len && !*buff && lzeros < nbytes) { + lzeros++; + len--; + buff++; diff --git a/queue-5.10/series b/queue-5.10/series index 41ba74d223..c28ea9eb38 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -329,3 +329,4 @@ tty-serial-samsung-use-u32-for-register-interactions.patch tty-serial-samsung-remove-redundant-port-lock-acquisition-in-rx-helpers.patch usb-gadget-f_hid-tidy-error-handling-in-hidg_alloc.patch usb-gadget-f_hid-fix-device-reference-leak-in-hidg_alloc.patch +lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch
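Review bot: the added `lzeros < nbytes` condition in the inner loop of lib/mpi/mpicoder.c (`+ while (len && !*buff && lzeros < nbytes) {`) caps the leading-zero count at `nbytes`, so the subtraction of `lzeros` from the unsigned `nbytes` that the commit message describes can no longer wrap and the enclosing `while (nbytes > 0)` loop is guaranteed to terminate for the all-zero, longer-than-`nbytes` scatterlist case; the one-token change is correct and minimal, but the bound is not self-explanatory at the call site, so a short comment above it along the lines of `/* sgl may be longer than nbytes; do not count more leading zeros than that */` would document the invariant, and the commit message's "Fix it." would read better with that same one-sentence rationale in place of the bare imperative. Given that the trigger is a user-reachable `KEYCTL_PKEY_ENCRYPT` call with `out_len > in_len` and a zero-filled input, a regression test exercising exactly that input shape through `mpi_read_raw_from_sgl()` would catch any future reintroduction of the unbounded count.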
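Review bot: the queue-5.10/series hunk appends the new entry after the last existing line and the name matches the added file `queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch` character for character, which the queue tooling requires; the ordering after the usb-gadget f_hid patches is consistent with the rest of the file, so nothing further to change here.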