A vulnerability in the crypto subsystem of the Linux kernel could allow a local attacker to gain elevated privileges on a targeted system.
The vulnerability is due to incorrect handling of the reference to the null skcipher held by each transformation object (TFM): the reference is improperly dropped when each af_alg_ctx is freed on an affected device. An attacker could exploit this vulnerability by using a custom program to cause the null skcipher to be freed while it is still in use. A successful exploit could allow the attacker to gain elevated privileges on an affected device.
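The reference-count imbalance described above, shown as a small user-space C model that is added here for illustration and is neither kernel code nor the kernel.org patch. All type and function names are hypothetical; the model assumes that one TFM can own several contexts and that the corrected placement releases the reference when the TFM itself is freed.

```c
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct null_skcipher { int refs; int freed; };
struct tfm { struct null_skcipher *null; int alive; };
enum placement { PUT_ON_CTX_FREE, PUT_ON_TFM_FREE };

static void null_put(struct null_skcipher *n)
{
    if (n->refs > 0 && --n->refs == 0)
        n->freed = 1;   /* last reference gone: object is released */
}

/* Each TFM takes exactly one reference to the shared null skcipher. */
static void tfm_init(struct tfm *t, struct null_skcipher *n)
{ t->null = n; t->alive = 1; n->refs++; }

/* Flawed placement: the TFM's single reference is dropped once per context. */
static void ctx_free(struct tfm *t, enum placement p)
{ if (p == PUT_ON_CTX_FREE) null_put(t->null); }

/* Modeled fix (assumption): drop it once, when the TFM itself is freed. */
static void tfm_free(struct tfm *t, enum placement p)
{
    if (p == PUT_ON_TFM_FREE) null_put(t->null);
    t->alive = 0;
}

/* Returns 1 if the null skcipher is released while a TFM still points at it. */
int freed_while_in_use(enum placement p, int nctx)
{
    struct null_skcipher n = { 0, 0 };
    struct tfm a, b;
    int i, uaf;
    tfm_init(&a, &n);
    tfm_init(&b, &n);
    for (i = 0; i < nctx; i++)
        ctx_free(&a, p);   /* nctx contexts of TFM a are torn down */
    uaf = n.freed && (a.alive || b.alive);
    tfm_free(&a, p);
    tfm_free(&b, p);
    return uaf;
}

int main(void)
{
    printf("put on ctx free: %d, put on tfm free: %d\n",
           freed_while_in_use(PUT_ON_CTX_FREE, 2), freed_while_in_use(PUT_ON_TFM_FREE, 2));
    return 0;
}
```

In the model, two references are taken but the flawed placement releases one per freed context, so the count reaches zero while both TFMs still hold a pointer to the object.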
Kernel.org confirmed the vulnerability and released software updates.
Security Impact Rating: High