Astra Linux - уязвимость в mbedtls

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001805 advisory. The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for...

TencentOS Server 4: mbedtls (TSSA-2025:0533)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0533 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2025-52496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a...

Compiler Optimization Removal or Modification of Security-critical Code

Overview Affected versions of this package are vulnerable to Compiler Optimization Removal or Modification of Security-critical Code due to a race condition in AESNI detection when certain compiler optimizations are applied. An attacker can extract sensitive cryptographic keys or perform...

CVE-2025-52496

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...

CVE-2025-52496

CVE-2025-52496 affects Mbed TLS prior to 3.6.4. The issue is a race condition during AES-NI detection triggered by certain compiler optimizations, enabling an attacker to either extract an AES key from a multithreaded process or perform a GCM forgery. Affected component: mbedtls library AESNI det...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

CVE-2024-26584

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

SUSE CVE-2018-15560

PyCryptodome before 3.6.6 has an integer overflow in the datalen variable in AESNI.c, related to the AESNIencrypt and AESNIdecrypt functions, leading to the mishandling of messages shorter than 16 bytes...

GSD-2021-1001709 crypto: aesni - xts_crypt() return if walk.nbytes is 0

crypto: aesni - xtscrypt return if walk.nbytes is 0 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.10 by commit...

UVI-2021-1001709 crypto: aesni - xts_crypt() return if walk.nbytes is 0

crypto: aesni - xtscrypt return if walk.nbytes is 0 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.10 by commit...

actinium226-librespot (=0.4.3), actinium226-librespot-connect (=0.4.3) +921 more potentially affected by unknown CVE via aesni (>=0.10.0 <=0.9.0)

aesni CARGO version =0.10.0, =0.4.3, =0.1.3, =0.1.0, =0.3.0, =0.3.0, =0.5.1, =0.0.2, =0.1.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0059...

aesni (>=0.7.0 <=0.9.0), aries-askar (=0.1.2) +28 more potentially affected by unknown CVE via stream-cipher (>=0.4.1 <=0.7.1)

stream-cipher CARGO version =0.4.1, =0.7.0, =0.1.1, =0.1.1, =0.1.0, =0.4.0, =0.5.0, =0.2.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0-pre.1, =0.1.0, =0.3.1, =0.3.9 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0058...

cryptofuzz/cryptofuzz-openssl: Crash in aesni_ecb_encrypt

Project: https://github.com/guidovranken/cryptofuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5638960371466240 Project: cryptofuzz Fuzzer: libFuzzercryptofuzzcryptofuzz-openssl Fuzz target binary: cryptofuzz-openssl Job Type: libfuzzerubsancryptofuzz Platform Id: linux Crash Type:...

PyCryptodome Integer Overflow Vulnerability

PyCryptodome is a cryptographic package for Python consisting of low-level cryptographic primitives. An integer overflow vulnerability exists in the datalen variable of the AESNI.c file in PyCryptodome versions prior to 3.6.6. An attacker can exploit this vulnerability with the help of messages...

CVE-2018-15560

CVE-2018-15560 affects PyCryptodome prior to 3.6.6. The vulnerability is an integer overflow in the data_len variable of AESNI.c, related to AESNI_encrypt and AESNI_decrypt, causing mishandling of messages shorter than 16 bytes. Fedora advisories and Nessus/OpenVAS entries reference security fixe...

CVE-2018-15560

PyCryptodome before 3.6.6 has an integer overflow in the datalen variable in AESNI.c, related to the AESNIencrypt and AESNIdecrypt functions, leading to the mishandling of messages shorter than 16 bytes...

PT-2018-13086 · Legion Of The Bouncy Castle · Pycryptodome

Name of the Vulnerable Software and Affected Versions: PyCryptodome versions prior to 3.6.6 Description: The issue is related to an integer overflow in the data len variable in AESNI.c, which affects the AESNI encrypt and AESNI decrypt functions. This leads to the mishandling of messages shorter...

kernel security, bug fix, and enhancement update

3.10.0-862.2.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.2.3 - x86 kvm: fix icebp instruction handling Paolo Bonzini 1566849 1566845...