On Fri, Mar 18, 2016 at 10:42:40PM +0800, Herbert Xu wrote: > This bug has already bee fixed upstream since 4.2. However, it > was fixed during the AEAD conversion so no fix was backported to > the older kernels. What was the commit id of that fix? > > When we do an RFC 4543 decryption, we will end up writing the > ICV beyond the end of the dst buffer. This should lead to a > crash but for some reason it was never noticed. > > This patch fixes it by only writing back the ICV for encryption. > > Fixes: d733ac90f9fe ("crypto: gcm - fix rfc4543 to handle async...") > Reported-by: Patrick Meyer <patrick.meyer@xxxxxxxxxxx> > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> What stable kernel(s) do you want this in? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html