[SRU][Q][PATCH v2 4/6] crypto: authencesn - Fix src offset when decrypting in-place
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Thu Apr 30 19:28:08 UTC 2026
From: Herbert Xu <herbert at gondor.apana.org.au>
The src SG list offset wasn't set properly when decrypting in-place,
fix it.
Reported-by: Wolfgang Walter <linux at stwm.de>
Fixes: e02494114ebf ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption")
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
(cherry picked from commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa)
CVE-2026-31431
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
crypto/authencesn.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index c0a01d738d9b..af3d584e584f 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -228,9 +228,11 @@ static int crypto_authenc_esn_decrypt_tail(struct aead_request *req,
decrypt:
- if (src != dst)
- src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);
+ if (req->src == req->dst)
+ src = dst;
+ else
+ src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
skcipher_request_set_tfm(skreq, ctx->enc);
skcipher_request_set_callback(skreq, flags,
--
2.53.0
More information about the kernel-team
mailing list