crypto: akcipher - Disable signing and decryption (!3755) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Herbert Xu requested to merge herbert.xu2/centos-stream-9-20240129:jr17113 into main Feb 15, 2024

JIRA: https://issues.redhat.com/browse/RHEL-17113 Upstream Status: RHEL only CVE: CVE-2023-6240

The decryption and signing capabilities are never used within the
kernel.  However, they are exposed to user-space through the keyctl
system call.

As these operations may cause security issues, disable them by
stubbing out the relevant entry points.

Signed-off-by: Herbert Xu herbert.xu@redhat.com

Edited Feb 15, 2024 by Herbert Xu

crypto: akcipher - Disable signing and decryption

Merge request reports