|
|
Log in / Subscribe / Register

The minimal fix

The minimal fix

Posted Apr 30, 2026 16:12 UTC (Thu) by epa (subscriber, #39769)
Parent article: A security bug in AEAD sockets

I have no quarrel with the fix that removes the in-place operation entirely, but shouldn't there be a fix for all levels of the exploit chain? The underlying bug, as I understand it, is with the crypto_authenc_esn_decrypt() function writing extra bytes past the end of the memory it was meant to decrypt. Shouldn't there be a patch fixing that first of all?

to post comments

The minimal fix

Posted May 4, 2026 17:41 UTC (Mon) by hmh (subscriber, #3838) [Link]

This contains more than just the "minimal" fix:
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6....

It looks to me like the several issues were addressed, not just the risky in-place operation...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds