4 matches found
CVE-2023-54325
CVE-2023-54325 relates to the Linux kernel crypto/qat issue where preparing an AER-CTR request could trigger an out-of-bounds read when the device is QAT GEN4. The root cause is that the key provided by users is copied into a firmware-accessible structure with a rounded-up key length for GEN4, wh...
CVE-2023-54325 crypto: qat - fix out-of-bounds read
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is...
PT-2022-10190 · Philips · Philips Vue PACS
Name of the Vulnerable Software and Affected Versions: Philips Vue PACS versions 12.2.x.x and prior Description: The issue concerns the use of a cryptographic key or password past its expiration date, which significantly diminishes safety by increasing the timing window for cracking attacks again...
kernel: local privesc in key management
A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively...