National Cybersecurity Institute (Instituto Nacional de Ciberseguridad). INCIBE section
National Cybersecurity Institute (Instituto Nacional de Ciberseguridad). INCIBE-CERT section

CVE-2026-43492

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
19/05/2026
Last modified:
19/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

Yiming reports an integer underflow in mpi_read_raw_from_sgl() when subtracting "lzeros" from the unsigned "nbytes".

For this to happen, the scatterlist "sgl" needs to occupy more bytes than the "nbytes" parameter and the first "nbytes + 1" bytes of the scatterlist must be zero. Under these conditions, the while loop iterating over the scatterlist will count more zeroes than "nbytes", subtract the number of zeroes from "nbytes" and cause the underflow.

When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally introduced the bug, it couldn't be triggered because all callers of mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to "nbytes".

However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists"), the underflow can now actually be triggered. When invoking a KEYCTL_PKEY_ENCRYPT system call with a larger "out_len" than "in_len" and filling the "in" buffer with zeroes, crypto_akcipher_sync_prep() will create an all-zero scatterlist used for both the "src" and "dst" member of struct akcipher_request and thereby fulfil the conditions to trigger the bug:

  sys_keyctl()
  keyctl_pkey_e_d_s()
  asymmetric_key_eds_op()
  software_key_eds_op()
  crypto_akcipher_sync_encrypt()
  crypto_akcipher_sync_prep()
  crypto_akcipher_encrypt()
  rsa_enc()
  mpi_read_raw_from_sgl()

To the user this will be visible as a DoS as the kernel spins forever, causing soft lockup splats as a side effect.

Fix it.
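The arithmetic behind the underflow, as an added userspace C model (not the kernel's code and not the upstream patch). `struct seg`, `strip_lzeros()` and the all-zero sample buffer are constructed for illustration, and the `bounded` branch is one assumed way to keep the zero count within "nbytes".

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for one scatterlist entry (not the kernel's struct). */
struct seg { const uint8_t *buf; unsigned int len; };

/* Constructed sample: 8 zero bytes, longer than the nbytes = 4 used below. */
static const uint8_t zeros8[8] = {0};
static const struct seg all_zero = { zeros8, sizeof(zeros8) };

/*
 * Model of the leading-zero stripping step. Returns "nbytes" after the zeroes
 * have been subtracted. bounded == 0 scans each segment in full (the behaviour
 * the description reports); bounded != 0 caps the scan at "nbytes" (assumed
 * mitigation for illustration). Unlike the kernel loop, this model stops when
 * the segments run out instead of spinning.
 */
static unsigned int strip_lzeros(const struct seg *s, size_t nsegs,
                                 unsigned int nbytes, int bounded)
{
    for (size_t i = 0; i < nsegs && nbytes > 0; i++) {
        unsigned int len = s[i].len, lzeros = 0;

        if (bounded && len > nbytes)
            len = nbytes;               /* never count past nbytes */
        while (lzeros < len && s[i].buf[lzeros] == 0)
            lzeros++;
        if (lzeros < len)
            return nbytes - lzeros;     /* significant byte found */
        nbytes -= lzeros;               /* unsigned: wraps if lzeros > nbytes */
    }
    return nbytes;
}

int main(void)
{
    printf("unbounded: nbytes = %u\n", strip_lzeros(&all_zero, 1, 4, 0));
    printf("bounded:   nbytes = %u\n", strip_lzeros(&all_zero, 1, 4, 1));
    return 0;
}
```

In the unbounded case the wrapped "nbytes" is still greater than zero, which is why a loop conditioned on `nbytes > 0` never terminates once the data is exhausted.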

Impact