Lucene search
+L

22 matches found

redhat
redhat
added 2 days ago8 views

kernel: crypto: ccp - copy IV using skcipher ivsize

A flaw was found in the Linux kernel's cryptographic coprocessor CCP driver. When processing AFALG rfc3686-ctr-aes-ccp requests, the ccpaescomplete function attempts to restore more data than the allocated buffer for the Initialization Vector IV can hold. This leads to a buffer overrun, which can...

7.8CVSS6.1AI score0.00137EPSS
Exploits0References5
nessus
nessus
added 2026/06/25 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp - copy IV using skcipher ivsize AFALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccpaescomplete restores AESBLOCKSIZE bytes into...

7.8CVSS6.2AI score0.00137EPSS
Exploits0References3
osv
osv
added 2026/06/24 4:29 p.m.2 views

CVE-2026-53016 crypto: ccp - copy IV using skcipher ivsize

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsize AFALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccpaescomplete restores AESBLOCKSIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, s...

7.8CVSS5.8AI score0.00137EPSS
Exploits0References16
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect use of the cleanupkfree attribute in the crypto/ccp driver. This improper usage...

7.8CVSS5.8AI score0.00127EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Use kzalloc for sev ioctl interfaces to prevent kernel memory leaks. For some sev ioctl interfaces, input data may be less than or equal to SEVFWBLOBMAXSIZE, but larger than the data returned by the PSP firmware. In...

5.5CVSS6.1AI score0.00193EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/01 7:38 p.m.9 views

CVE-2026-31698

A flaw was found in the Linux kernel's crypto subsystem, specifically within the ccp driver. A local user could exploit this vulnerability when attempting to retrieve the Platform DH PDH certificate. If a firmware command fails due to an invalid length, the driver may attempt to copy data to...

7.1CVSS6.1AI score0.00126EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/01 7:38 p.m.6 views

CVE-2026-31697

A flaw was found in the Linux kernel's crypto: ccp driver. A local user could exploit this vulnerability by attempting to retrieve the CPU ID when a firmware command fails due to an invalid length. This can cause an overflow of a kernel-allocated buffer, leading to the disclosure of sensitive...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
nessus
nessus
added 2026/04/07 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006570 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is...

5.5CVSS6AI score0.00159EPSS
Exploits0References4
nessus
nessus
added 2025/12/31 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993105)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993105 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioc...

5.5CVSS6.3AI score0.00193EPSS
Exploits0References4
nessus
nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-399525)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-399525 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevplatformshutdownlocked The SEV platform device c...

5.5CVSS5.9AI score0.00242EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-55484

Malicious code in bioql PyPI...

7.1AI score0.00193EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/09/07 12:0 a.m.5 views

PT-2025-36410

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue where an uninitialized error pointer is dereferenced within the crypto/ccp module. This issue was identified and addressed by fixing smatch warnings ...

6.1AI score0.00119EPSS
Exploits0References5
osv
osv
added 2025/08/19 5:15 p.m.5 views

UBUNTU-CVE-2025-38581

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2'...

5.5CVSS5.8AI score0.00159EPSS
Exploits0References40
nvd
nvd
added 2025/06/18 11:15 a.m.5 views

CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

5.5CVSS0.00193EPSS
Exploits0References5
osv
osv
added 2025/06/18 11:3 a.m.5 views

CVE-2022-50226 crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

5.5CVSS6.1AI score0.00193EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2025/06/18 12:0 a.m.12 views

PT-2025-26152 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A kernel memory leak issue has been identified in the Linux kernel's crypto subsystem, specifically in the ccp driver. The problem occurs when input passed to certain sev ioctl...

7.8CVSS6.1AI score0.12746EPSS
Exploits16References726
susecve
susecve
added 2024/08/22 2:58 a.m.3 views

SUSE CVE-2024-43874

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevsnpshutdownlocked Fix a null pointer dereference induced by DEBUGTESTDRIVERREMOVE. Return from sevsnpshutdownlocked if the pspdevice or the sevdevice structs are not initialized...

5.5CVSS7.5AI score0.0018EPSS
Exploits0References10
redhat
redhat
added 2023/05/16 8:56 a.m.3 views

kernel: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

5.5CVSS6.4AI score0.00193EPSS
Exploits0References5
debian
debian
added 2022/03/09 12:40 p.m.145 views

[SECURITY] [DLA 2941-1] linux-4.19 security update

Debian LTS Advisory DLA-2941-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings March 09, 2022 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.232-1deb9u1 CVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760...

9CVSS7.6AI score0.67994EPSS
Exploits40
ubuntu
ubuntu
added 2021/11/30 11:8 p.m.100 views

USN-5164-1: Linux kernel vulnerabilities

It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-37159 It was discovered that th...

6.4CVSS7.1AI score0.00533EPSS
Exploits1
Rows per page
Query Builder