Nasm

**Name of the Vulnerable Software and Affected Versions** NetBSD versions prior to commit ec8451e **Description** A race condition in the `cryptodev op()` function within the opencrypto subsystem allows local attackers to trigger a double-free condition on SMP (Symmetric Multiprocessing) systems. This occurs when CIOCCRYPT operations are issued concurrently using the same session identifier. Attackers can leverage mutable per-operation state within the `csession` struct to corrupt kernel heap memory. **Recommendations** Update NetBSD to a version that includes commit ec8451e.

**Name of the Vulnerable Software and Affected Versions** NetBSD versions prior to commit ec8451e **Description** A signed integer overflow exists in the `cryptodev op()` function within sys/opencrypto/cryptodev.c. The issue occurs because the local variable `iov len` is declared as a signed integer but is assigned a value from the unsigned `cop->dst len` variable, leading to undefined behavior when `cop->dst len` exceeds INT MAX. A local attacker with access to '/dev/crypto' and a compression session type can exploit this by providing a `dst len` value exceeding INT MAX. This can result in corrupted UIO pointer arithmetic or a kernel panic via NULL pointer dereference when CONFIG SVS is disabled. **Recommendations** Update to the version containing commit ec8451e.

**Name of the Vulnerable Software and Affected Versions** cryptodev-linux versions 1.14 and prior **Description** A flaw exists in the get userbuf function within the /dev/crypto device driver of cryptodev-linux. This flaw involves improper handling of page references, potentially leading to use-after-free conditions. Local users with access to the /dev/crypto interface can exploit this by repeatedly decreasing reference counts of pages they control, which may result in local privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.