Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that in the spu2dumpomd function, the value of ptr is increased by ciphkeylen instead of hashivlen,...

Demo of AES GCM Misuse Problems

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode...

CVE-2024-27160 Hardcoded password used to encrypt logs and use of weak cipher

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...

CVE-2024-27160 Hardcoded password used to encrypt logs and use of weak cipher

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...

PT-2024-6326 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: WolfSSL affected versions not specified Description: A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from...

RHEL 6 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Malformed X.509 IPAdressFamily could cause OOB read CVE-2017-3735 - openssl: 0-byte record paddi...

python-cryptography: memory corruption via immutable objects

A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...

CLI SSH not working after upgrade with OpenSSH vulnerability patch Error Bad SSH2 cipher spec

After Upgrading to a firmware version with OpenSSH v9.3 patched for the recent SSH vulnerabilities 12.1-55.304+ FIPS, 13.0-92.23+, 13.1-53.4+, 13.1-37.180+ FIPS, 14.1-22.16+ SSH is not working anymore. Putty throws the error: Network error: Software caused connection abort...

UBUNTU-CVE-2023-52669

In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and cop...

DEBIAN-CVE-2024-27434

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

UBUNTU-CVE-2024-27434

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27434 wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27434

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27434 wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27434

CVE-2024-27434 : In the Linux kernel, the wifi driver iwlwifi/mvm incorrectly set the MFP flag for GTK, which could crash the firmware when an AP uses TKIP with MFPC. The patch ensures GTK is not marked with MFP, mitigating the issue. CVSS v3.1 base score 5.5 (LOCAL, LOW attack complexity, LOW pr...

CVE-2024-27434 wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

PT-2024-10931 · Unknown · Nats Server

Name of the Vulnerable Software and Affected Versions: nats-server versions prior to 2.2.3 Description: The issue concerns cryptographic problems in the nats-server, where the use of CLI flags to set TLS parameters overrides the default restricted ciphersuite settings, potentially allowing client...

curl: QUIC certificate check bypass with wolfSSL

A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used...

PT-2024-40758 · Git +1 · Boringssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of Use-of-uninitialized-value. The crash occurs in the bssl::ssl cipher process rules function, which is called by...

SUSE CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...