kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
The HMAC implementation crypto/hmac.c in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3, ...