Public bug reported:
Description: zkey: Fix display of XTS attribute for validate command
Symptom: The 'zkey validate' command shows an invalid value for
the XTS attribute.
Problem: Due to a use after free of the secure key, the XTS attribute
is not determined correctly, and is displayed incorrectly.
Function is_xts_key() is called with a secure key that has
already been freed and thus most likely returns false.
This bug has been introduced with feature SEC1717 "Cipher
key support" with commit 298fab68fee8 "zkey: Preparations for
introducing a new key type"
Solution: Free the secure key only after the last use.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
and then run 'zkey validate'.
Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
Need to be applied on top of 2.12.
** Affects: s390-tools (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-183695 severity-high
targetmilestone-inin2004
** Tags added: architecture-s39064 bugnameltc-183695 severity-high
targetmilestone-inin2004
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1862187
Title:
[UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command
Status in s390-tools package in Ubuntu:
New
Bug description:
Description: zkey: Fix display of XTS attribute for validate command
Symptom: The 'zkey validate' command shows an invalid value for
the XTS attribute.
Problem: Due to a use after free of the secure key, the XTS attribute
is not determined correctly, and is displayed incorrectly.
Function is_xts_key() is called with a secure key that has
already been freed and thus most likely returns false.
This bug has been introduced with feature SEC1717 "Cipher
key support" with commit 298fab68fee8 "zkey: Preparations for
introducing a new key type"
Solution: Free the secure key only after the last use.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
and then run 'zkey validate'.
Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
Need to be applied on top of 2.12.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s390-tools/+bug/1862187/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
