Description

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them inside the clone bio. This may reduce performance, but it is needed to prevent the user from corrupting the device by writing data with O_DIRECT and modifying them at the same time. [1] https://lore.kernel.org/all/[email protected]/T/

INFO

Published Date :

2024-04-03T17:00:46.308Z

Last Modified :

2026-01-05T10:34:22.171Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-26763 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact