549 matches found
CVE-2024-50281
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait for the AEAD cipher operation to finish and simply return after submitting the request. If there is...
kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...
The vulnerability of the tipc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the tipc component in the Linux operating system’s kernel is related to the assignment of the NULL pointer in the tipcaeadinit function. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-50047
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CVE-2024-50047 smb: client: fix UAF in async decryption
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CVE-2024-50047 smb: client: fix UAF in async decryption
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CLSA-2024-1729518310 Fix of 15 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-38632 - vfio/pci: fix potential memory leak in vfiointxenable CVE-url: https://ubuntu.com/security/CVE-2024-46840 - btrfs: clean up our handling of refs == 0 in snapshot delete CVE-url: https://ubuntu.com/security/CVE-2024-44954 - ALSA: line6: Fix rac...
SUSE CVE-2024-42229
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
CVE-2024-42229
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from crypto:aead, a buffer in the cipher module that should be cleared and freed from previously held private keys using kfreesensitive...
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
The version of Tenable.ad installed on the remote host is prior to 3.59.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-11 advisory. - The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...
SUSE CVE-2023-52813
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...
DEBIAN-CVE-2023-52813
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3255)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications...
K000138198: OpenSSL vulnerability CVE-2023-6129
Security Advisory Description Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influenc...
Design/Logic Flaw
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
CVE-2023-6129
CVE-2023-6129: OpenSSL POLY1305 MAC bug on PowerPC (PowerISA 2.07) can corrupt vector registers/state when POLY1305 is used, potentially affecting TLS deployments. Impact ranges from no observable issues to application crashes or takeover, per advisories. Affected platforms are PowerPC CPUs with ...
CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
CVE-2023-6129
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...