
104 matches found

OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-50171

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq. When the kunpeng920 encryption driver is used to encrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error:...

5.5 CVSS | 5.3 AI score | 0.00128 EPSS
Exploits: 0 | References: 1

NVD
added 2025/06/18 10:15 a.m. | 5 views

CVE-2025-38068

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun. Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...

7.8 CVSS | 0.00154 EPSS
Exploits: 0 | References: 7

CVE
added 2025/06/18 9:33 a.m. | 104 views

CVE-2025-38079

The CVE-2025-38079 entry concerns a vulnerability in the Linux kernel crypto/algif_hash: a double free in hash_accept when accept(2) is used on an algif_hash socket with MSG_MORE and crypto_ahash_import fails. This leads to a slab-use-after-free due to sk2 being freed in both hash_accept and af_a...

7.8 CVSS | 6.6 AI score | 0.00175 EPSS
Exploits: 0 | References: 11 | Affected Software: 1

NVD
added 2025/02/26 7:1 a.m. | 8 views

CVE-2022-49563

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA. Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a line...

5.5 CVSS | 0.00254 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/02/26 1:56 a.m. | 22 views

CVE-2022-49258 crypto: ccree - Fix use after free in cc_cipher_exit()

In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit(). kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after...

0.00252 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2025/02/26 1:56 a.m. | 10 views

CVE-2022-49258 crypto: ccree - Fix use after free in cc_cipher_exit()

In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit(). kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after...

7.6 AI score | 0.00252 EPSS
Exploits: 0 | References: 5

Debian CVE
added 2025/02/26 1:56 a.m. | 11 views

CVE-2022-49258

In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit(). kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after...

7.8 CVSS | 5.6 AI score | 0.00252 EPSS
Exploits: 0

Debian CVE
added 2024/12/28 9:46 a.m. | 10 views

CVE-2024-56681

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function. The ahash_init functions may fail. ahash_hmac_init should not return OK when ahash_init returns an error. For example, ahash_init will return -ENOMEM when...

5.5 CVSS | 5.6 AI score | 0.00228 EPSS
Exploits: 0

OSV
added 2024/12/24 11:29 a.m. | 7 views

CVE-2024-53163 crypto: qat/qat_420xx - fix off by one in uof_get_name()

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name(). This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access...

5.5 CVSS | 6.1 AI score | 0.00243 EPSS
Exploits: 0 | References: 6

CVE
added 2024/12/24 11:29 a.m. | 233 views

CVE-2024-53162

Linux kernel vulnerability CVE-2024-53162 in crypto: qat/qat_4xxx driver. Off-by-one in uof_get_name() can trigger out-of-bounds read when iterating fw_objs[] (fw_objs has num_objs elements). The fix changes a comparison from > to >= to prevent reading beyond the array. No exploitation det...

7.1 CVSS | 6.5 AI score | 0.00252 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/12/24 11:29 a.m. | 12 views

CVE-2024-53162 crypto: qat/qat_4xxx - fix off by one in uof_get_name()

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name(). The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read...

7.1 CVSS | 6.2 AI score | 0.00252 EPSS
Exploits: 0 | References: 7

BDU FSTEC
added 2024/11/22 12:0 a.m. | 6 views

The vulnerability of the tipc_crypto_rcv_complete() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the tipc_crypto_rcv_complete() function in the net/tipc/crypto.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

7.8 CVSS | 6.4 AI score | 0.00249 EPSS
Exploits: 0 | References: 13 | Affected Software: 3

OSV
added 2024/10/21 1:15 p.m. | 6 views

AZL-50796 CVE-2024-47730 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue. The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo...

7.8 CVSS | 6.6 AI score | 0.00259 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2024/08/17 9:21 a.m. | 13 views

CVE-2024-43815

In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot. We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to ...

7.1 CVSS | 5.5 AI score | 0.00213 EPSS
Exploits: 0

CVE
added 2024/07/30 7:47 a.m. | 326 views

CVE-2024-42229

CVE-2024-42229 concerns a Linux kernel cryptography hardening issue in the AEAD/cipher path. The description states that after cryptographic operations, the key buffer must be zeroized, in line with I.G 9.7.B for FIPS 140-3 guidance. The fix involves zeroizing buffers that previously held private...

4.1 CVSS | 6.6 AI score | 0.00228 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2024/07/16 12:15 p.m. | 22 views

CVE-2022-48781

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - get rid of alg_memory_allocated. alg_memory_allocated does not seem to be really used. alg_proto does have a .memory_allocated field, but no corresponding .sysctl_mem. This means sk_has_account() returns true, but all...

5.5 CVSS | 0.00195 EPSS
Exploits: 0 | References: 2

OSV
added 2024/07/12 1:15 p.m. | 2 views

DEBIAN-CVE-2024-41002

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release. The AIV is one of the SEC resources. When releasing resources, it needs to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv...

5.5 CVSS | 5.6 AI score | 0.00272 EPSS
Exploits: 0 | References: 1

OSV
added 2024/07/09 12:12 p.m. | 14 views

USN-6886-1 golang-1.21, golang-1.22 vulnerabilities

It was discovered that the Go net/http module did not properly handle requests when a request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

9.8 CVSS | 7 AI score | 0.91969 EPSS
Exploits: 1 | References: 10

CVE
added 2024/07/05 6:55 a.m. | 96 views

CVE-2024-39478

The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...

5.5 CVSS | 7.2 AI score | 0.00184 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/06/19 1:37 p.m. | 14 views

CVE-2024-38579 crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits: 0 | References: 13