CVE-2017-17805

Name	CVE-2017-17805
Description	The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1232-1, DSA-4073-1, DSA-4082-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.218-1	fixed
	bullseye (security)	5.10.221-1	fixed
	bookworm	6.1.94-1	fixed
	bookworm (security)	6.1.90-1	fixed
	trixie	6.9.8-1	fixed
	sid	6.9.9-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	wheezy	3.2.96-3	DLA-1232-1
linux	source	jessie	3.16.51-3+deb8u1	DSA-4082-1
linux	source	stretch	4.9.65-3+deb9u1	DSA-4073-1
linux	source	(unstable)	4.14.7-1

Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)