189 matches found
AZL-50936 CVE-2024-50047 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
UBUNTU-CVE-2024-50047
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CVE-2024-50047 smb: client: fix UAF in async decryption
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CVE-2024-50047 smb: client: fix UAF in async decryption
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CVE-2024-50047
CVE-2024-50047 is a Linux kernel issue affecting the SMB client’s async crypto path. When performing async decryption for large reads, a use-after-free in the cryptography API can occur, crashing due to a freed AEAD request while the hardware crypto offload is still processing. The Astra Linux ad...
Astra Linux - уязвимость в mbedtls
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
kernel: local dos vulnerability in scatterwalk_copychunks
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching...
ROS-20240503-04
A vulnerability in the mbedtlsx509setextension function of the Mbed TLS software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto...
ROS-20240503-13
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...
ROS-20240503-16
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...
ROS-20240503-15
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...
ROS-20240503-14
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...
ROS-20240503-17
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...
kernel: tls: handle backlogging of crypto requests
A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTOTFMREQMAYBACKLOG flag on requests to the crypto API, cryptoaeadencrypt and cryptoaeaddecrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...
Mageia: Security Advisory (MGASA-2024-0146)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0146 Updated mbedtls packages fix security vulnerability
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. CVE-2024-28960...
Ubuntu: Security Advisory (USN-6726-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : mbedtls (2024-666210bd74)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-666210bd74 advisory. - Update to 2.28.8 Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8 Tenable has extracted the preceding description block...
Sensitive Information Disclosure
libmbedtls.so is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate handling of shared memory within the PSA Crypto API, potentially leading to information disclosure...