{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53599","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-04T15:40:38.479Z","datePublished":"2025-10-04T15:44:11.096Z","dateUpdated":"2026-05-11T19:48:16.675Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:48:16.675Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq->first_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req->dst because req->dst is set to the value of\nareq->first_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl\nup.\n\nThis isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req->dst and only uses req->src[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n  [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390]\n  [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8\n  [<00000000a2a60888>] aead_recvmsg+0x478/0x698\n  [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0\n  [<00000000a2e51a56>] sock_read_iter+0x76/0xa0\n  [<00000000a273e066>] vfs_read+0x26e/0x2a8\n  [<00000000a273e8c4>] ksys_read+0xbc/0x100\n  [<00000000a311d808>] __do_syscall+0x1d0/0x1f8\n  [<00000000a312ff30>] system_call+0x70/0x98\n Last Breaking-Event-Address:\n  [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/af_alg.c"],"versions":[{"version":"c1abe6f570aff4b6d396dc551e60570d2f50bd79","lessThan":"2c9d205040d7c0eaccc473917f9b0bb0a923e440","status":"affected","versionType":"git"},{"version":"c1abe6f570aff4b6d396dc551e60570d2f50bd79","lessThan":"6a4b8aa0a916b39a39175584c07222434fa6c6ef","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/af_alg.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.5.3","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.5.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2c9d205040d7c0eaccc473917f9b0bb0a923e440"},{"url":"https://git.kernel.org/stable/c/6a4b8aa0a916b39a39175584c07222434fa6c6ef"}],"title":"crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390","x_generator":{"engine":"bippy-1.2.0"}}}}