Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-43815HistoryAug 17, 2024 - 10:15 a.m.
CVE-2024-43815
2024-08-1710:15:07
Debian Security Bug Tracker
security-tracker.debian.org
2
linux kernel
vulnerability
crypto module
mxs-dcp
payload
stack memory
aes
hardware key slots
fix
In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware’s key slots. Fix this by ensuring the payload field is set to 0 in such cases. This does not affect the common use case when the key is supplied from main memory via the descriptor payload.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 6.1.106-3 | linux_6.1.106-3_all.deb |
| Debian | 11 | all | linux | < 5.10.223-1 | linux_5.10.223-1_all.deb |
| Debian | 999 | all | linux | < 6.10.9-1 | linux_6.10.9-1_all.deb |
| Debian | 13 | all | linux | < 6.10.9-1 | linux_6.10.9-1_all.deb |
Related
cvelist
cvelist
CVE-2024-43815 crypto: mxs-dcp - Ensure payload is zero when using key slot
2024-08-17 09:21:38
cve
cve
CVE-2024-43815
2024-08-17 10:15:07
ubuntucve
ubuntucve
CVE-2024-43815
2024-08-17 00:00:00
vulnrichment
vulnrichment
CVE-2024-43815 crypto: mxs-dcp - Ensure payload is zero when using key slot
2024-08-17 09:21:38
nvd
nvd
CVE-2024-43815
2024-08-17 10:15:07
redhatcve
redhatcve
CVE-2024-43815
2024-08-19 13:45:01