Lucene search

GoogleOSV:CVE-2024-42155

HistoryJul 30, 2024 - 8:15 a.m.

CVE-2024-42155

2024-07-3008:15:07

Google

osv.dev

linux kernel

vulnerability

resolved

s390/pkey

wipe

copies

protected-keys

secure-keys

key material

calling process

stack

error

software

CVSS3

1.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe copies of protected- and secure-keys

Although the clear-key of neither protected- nor secure-keys is
accessible, this key material should only be visible to the calling
process. So wipe all copies of protected- or secure-keys from stack,
even in case of an error.

References

git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b

git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207

security-tracker.debian.org/tracker/CVE-2024-42155

CVSS3

1.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

JSON

Related for OSV:CVE-2024-42155