You have been subscribed to a public bug: Description: zkey: Fix display of XTS attribute for validate command Symptom: The 'zkey validate' command shows an invalid value for the XTS attribute. Problem: Due to a use after free of the secure key, the XTS attribute is not determined correctly, and is displayed incorrectly. Function is_xts_key() is called with a secure key that has already been freed and thus most likely returns false. This bug has been introduced with feature SEC1717 "Cipher key support" with commit 298fab68fee8 "zkey: Preparations for introducing a new key type" Solution: Free the secure key only after the last use. Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER and then run 'zkey validate'.
Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23 https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23 Need to be applied on top of 2.12. ** Affects: linux (Ubuntu) Importance: Undecided Assignee: Skipper Bug Screeners (skipper-screen-team) Status: New ** Tags: architecture-s39064 bugnameltc-183695 severity-high targetmilestone-inin2004 -- [UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command https://bugs.launchpad.net/bugs/1862187 You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp