CVE-2020-10769

Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Linux kernel versions prior to 5.0

Description A buffer over-read flaw was found in the crypto authenc extractkeys function in the crypto/authenc.c file of the IPsec Cryptographic algorithm's module, authenc. This issue occurs when a payload longer than 4 bytes does not follow 4-byte alignment boundary guidelines, causing a buffer over-read threat that can lead to a system crash. The flaw allows a local attacker with user privileges to cause a denial of service.

Recommendations For Red Hat Enterprise Linux kernel versions prior to 5.0, consider disabling the crypto authenc extractkeys function as a temporary workaround until a patch is available. Restrict access to the vulnerable module authenc to minimize the risk of exploitation. Avoid using payloads longer than 4 bytes that do not follow 4-byte alignment boundary guidelines in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.