CVE-2024-26945

CVE-2024-26945 affects the Linux kernel crypto: iaa code. The root cause is when nr_cpus = 1 when nr_iaa > 0 or when nr_iaa == 0. If exploitation details or versioned fixes are needed, refer to the kernel patch references in the CVE record.

CVE-2024-26877

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be disabled to avoid triggering the following calltrace: ------------ cut here ------------ WARNING: CPU: 2 PID: 74 at...

DEBIAN-CVE-2021-47059

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - fix result memory leak on error path This patch fixes a memory leak on an error path...

CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

nodejs: DiffieHellman do not generate keys after setting a private key

A vulnerability has been identified in the Node.js, where a generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet...

CVE-2023-3108 Kernel: a race condition in crypto module in the function skcipher_recvmsg

A flaw was found in the subsequent getuserpagesfast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipherrecvmsg of crypto/algifskcipher.c function. This flaw allows a local user to crash the system...

CVE-2023-3108 Kernel: a race condition in crypto module in the function skcipher_recvmsg

A flaw was found in the subsequent getuserpagesfast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipherrecvmsg of crypto/algifskcipher.c function. This flaw allows a local user to crash the system...

Node.js: OpenSSL error handling issues in nodejs crypto library

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

PT-2023-34048 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: A resource leak was discovered in the remove process of the hisilicon/hpre crypto module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kern...

PT-2023-33601 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue concerns increasing the memory of local variables in the crypto: hisilicon/qm module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

PT-2022-35304 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue concerns an integer overflow when loading firmware, specifically related to the Cavium crypto module. This problem was introduced in version v4.11 and is fixed in Linux Kernel...

PT-2022-35305 · Marvell · Marvell Octeontx

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to preventing integer overflows in the crypto module of the Marvell OcteonTX driver. The actual impact and attack plausibility have not yet been proven. Recommendations...

PT-2022-35040 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to preventing integer overflows in the crypto module of the Marvell OcteonTX driver. The actual impact and attack plausibility have not yet been proven. It was introduced...

GSD-2022-1002710 crypto: cryptd - Protect per-CPU resource by disabling BH.

crypto: cryptd - Protect per-CPU resource by disabling BH. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

Format string

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

CVE-2022-26320

The issue affects Rambus SafeZone Basic Crypto Module versions prior to 10.4.0, incorporated in certain Fujifilm (formerly Fuji Xerox) devices and Canon imagePROGRAF/imageRUNNER devices. The root cause is insecure RSA key generation in the CLS PK KeyGenMT() routine, due to insufficient randomness...

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

PT-2022-7665 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the crypto component of the Linux kernel, specifically the qcom-rng module. The generate function in struct rng alg expects the destination buffer to be...

PT-2022-3152 · Rambus · Rambus Safezone Basic Crypto Module

Name of the Vulnerable Software and Affected Versions: Rambus SafeZone Basic Crypto Module versions prior to 10.4.0 Description: The issue is related to the generation of RSA keys that can be broken with Fermat's factorization method, allowing efficient calculation of private RSA keys from the...