CVE-2020-10769: 
Linux Kernel vulnerability analysis and mitigation

A buffer over-read flaw (CVE-2020-10769) was discovered in RH kernel versions before 5.0, specifically in the cryptoauthencextractkeys function within crypto/authenc.c in the IPsec Cryptographic algorithm's module (authenc). The vulnerability was disclosed in June 2020 and affected Linux kernel systems using the IPsec cryptographic module (NVD).

The vulnerability occurs when processing a payload longer than 4 bytes that does not follow 4-byte alignment boundary guidelines. This misalignment causes a buffer over-read condition, which can lead to a system crash. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability allows a local attacker with user privileges to cause a denial of service condition by triggering a system crash. The flaw specifically impacts the system's stability when processing certain IPsec cryptographic operations (NVD).

The issue was fixed in Linux kernel versions 5.0 and later. The patch modifies the cryptoauthencextractkeys function to properly handle payload alignment and prevent buffer over-read conditions. The fix was backported to various Linux distributions including OpenSUSE and Red Hat Enterprise Linux (OpenSUSE).