References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5

https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55

https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7

https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6