In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl.
Without this, the gcm-aes-s390 driver will oops when it tries to do gcm_walk_start() on req->dst because req->dst is set to the value of areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling aead_request_set_crypt().
The problem comes if an empty ciphertext is passed: the loop in af_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl up.
This isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far as I can tell, that ignores req->dst and only uses req->src [*].
[*] Is this a bug in aesni-intel_glue.c?
The s390x oops looks something like:
Unable to handle kernel pointer dereference in virtual kernel address space
Failing address: 0000000a00000000 TEID: 0000000a00000803
Fault in home space mode while using kernel ASCE.
AS:00000000a43a0007 R3:0000000000000024
Oops: 003b ilc:2 [#1] SMP
...
Call Trace:
 [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390]
 [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8
 [<00000000a2a60888>] aead_recvmsg+0x478/0x698
 [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0
 [<00000000a2e51a56>] sock_read_iter+0x76/0xa0
 [<00000000a273e066>] vfs_read+0x26e/0x2a8
 [<00000000a273e8c4>] ksys_read+0xbc/0x100
 [<00000000a311d808>] __do_syscall+0x1d0/0x1f8
 [<00000000a312ff30>] system_call+0x70/0x98
Last Breaking-Event-Address:
 [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]
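The initialisation gap described above, as an added simplified model written for this page (it is not the kernel's crypto/af_alg.c; the struct and function names are hypothetical stand-ins, and the allocation is zero-filled so the missing pointer shows up as NULL rather than as uninitialised memory):

```c
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical, simplified model of the kernel structures. */
struct sg_entry { void *page; unsigned int len; };
struct sg_table { struct sg_entry *sgl; unsigned int nents; };
struct af_alg_sgl {
    struct sg_table sgt;      /* table header; sgt.sgl must point at sgl[] */
    struct sg_entry sgl[4];   /* backing scatterlist array */
};
struct rsgl { struct af_alg_sgl sgl; };
struct areq { struct rsgl first_rsgl; };

/* Model of af_alg_get_rsgl(): the table pointer is only set inside the
 * loop that maps the user's buffers, so a zero-length request (empty
 * ciphertext) skips the loop and never reaches the assignment. */
static void get_rsgl(struct rsgl *rsgl, size_t len)
{
    size_t done = 0;
    while (done < len) {
        rsgl->sgl.sgt.sgl = rsgl->sgl.sgl;  /* only runs when there is data */
        rsgl->sgl.sgl[0].len = (unsigned int)len;
        rsgl->sgl.sgt.nents = 1;
        done = len;
    }
}

/* Model of af_alg_alloc_areq(); 'fixed' selects the patched behaviour.
 * The real allocation is not zeroed, so the unfixed pointer is garbage
 * rather than NULL; zero-filling here just makes the model deterministic. */
static void alloc_areq(struct areq *areq, bool fixed)
{
    *areq = (struct areq){0};
    if (fixed)
        areq->first_rsgl.sgl.sgt.sgl = areq->first_rsgl.sgl.sgl;  /* the fix */
}

/* Returns true if the sg table handed to the driver as req->dst has a
 * usable sgl pointer after a request of the given ciphertext length. */
bool dst_is_initialised(bool fixed, size_t ciphertext_len)
{
    struct areq areq;
    alloc_areq(&areq, fixed);
    get_rsgl(&areq.first_rsgl, ciphertext_len);
    return areq.first_rsgl.sgl.sgt.sgl == areq.first_rsgl.sgl.sgl;
}
```

With data present both versions end up with a valid pointer; only the empty-ciphertext path distinguishes them, which matches the trigger condition in the description.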
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53599.json"
}
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53599.json"
[
{
"id": "CVE-2023-53599-13068608",
"target": {
"function": "af_alg_alloc_areq",
"file": "crypto/af_alg.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a4b8aa0a916b39a39175584c07222434fa6c6ef",
"digest": {
"function_hash": "213727224262608077347482658005821209289",
"length": 340.0
},
"signature_type": "Function"
},
{
"id": "CVE-2023-53599-54b12865",
"target": {
"file": "crypto/af_alg.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a4b8aa0a916b39a39175584c07222434fa6c6ef",
"digest": {
"threshold": 0.9,
"line_hashes": [
"142464539751365463111042161284409515283",
"302865592429986237249004769469404100154",
"25383616496823304185722687336815400399",
"124265270627311876135909813617203860155"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53599-e23601b1",
"target": {
"file": "crypto/af_alg.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c9d205040d7c0eaccc473917f9b0bb0a923e440",
"digest": {
"threshold": 0.9,
"line_hashes": [
"142464539751365463111042161284409515283",
"302865592429986237249004769469404100154",
"25383616496823304185722687336815400399",
"124265270627311876135909813617203860155"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53599-ef46e7ab",
"target": {
"function": "af_alg_alloc_areq",
"file": "crypto/af_alg.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c9d205040d7c0eaccc473917f9b0bb0a923e440",
"digest": {
"function_hash": "213727224262608077347482658005821209289",
"length": 340.0
},
"signature_type": "Function"
}
]