suse · CVE-2017-17805

Quick triage

Priority: high Published: 2021-05-30 14:04:59 UTC Updated: 2025-03-25 00:43:23 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-17805 severity important: SUSE including 242 source package names (bpftool-3.10.0-957.el7, cluster-md-kmp-default-4.12.14-120.1, …), 455 product×package rows across 70 product lines (SLES for SAP Applications 11 SP3, SUSE Liberty Linux 7, … (70 product lines)): Fixed 356, Known Not Affected 99.

Description:

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

cvelogic Threat Intelligence