43 matches found
CVEs
NULL Dereference The vulnerabilities found in cryptofioctl...
CVE-2026-32848
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...
CVE-2026-32848 NetBSD cryptodev Race Condition Double-Free via cryptodev_op()
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...
CVE-2026-32848 NetBSD cryptodev Race Condition Double-Free via cryptodev_op()
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...
CVE-2026-32848
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...
CVE-2026-32849
The CVE-2026-32849 entry concerns NetBSD prior to commit ec8451e, where a signed integer overflow in cryptodev_op() (sys/opencrypto/cryptodev.c) occurs because iov_len is signed but assigned from cop->dst_len (unsigned). When dst_len > INT_MAX, undefined behavior can occur, enabling a local...
CVE-2026-32849
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodevop function in sys/opencrypto/cryptodev.c where the local variable iovlen is declared as a signed int but assigned from an unsigned cop-dstlen value, causing undefined behavior when cop-dstlen exceeds...
EUVD-2026-30789
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodevop function in sys/opencrypto/cryptodev.c where the local variable iovlen is declared as a signed int but assigned from an unsigned cop-dstlen value, causing undefined behavior when cop-dstlen exceeds...
CVE-2026-32849 NetBSD Signed Integer Overflow in cryptodev_op via cryptodev.c
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodevop function in sys/opencrypto/cryptodev.c where the local variable iovlen is declared as a signed int but assigned from an unsigned cop-dstlen value, causing undefined behavior when cop-dstlen exceeds...
PT-2026-41713
Name of the Vulnerable Software and Affected Versions NetBSD versions prior to commit ec8451e Description A race condition in the cryptodev op function within the opencrypto subsystem allows local attackers to trigger a double-free condition on SMP Symmetric Multiprocessing systems. This occurs...
PT-2026-41714
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev op function in sys/opencrypto/cryptodev.c where the local variable iov len is declared as a signed int but assigned from an unsigned cop-dst len value, causing undefined behavior when cop-dst len...
CVE-2026-28529
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
EUVD-2026-15408
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
CVE-2026-28529
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
CVE-2026-28529 cryptodev-linux <= 1.14 get_userbuf Use After Free LPE
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
CVE-2026-28529 cryptodev-linux <= 1.14 get_userbuf Use After Free LPE
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
CVE-2026-28529
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
CVE-2026-28529
CVE-2026-28529 affects cryptodev-linux
cryptodev-linux 资源管理错误漏洞
cryptodev-linux is an open-source Linux kernel encryption device driver developed by cryptodev-linux. Versions of cryptodev-linux prior to 1.14 contain a resource management vulnerability. This vulnerability stems from a page reference handling flaw in the getuserbuf function of the /dev/crypto...
PT-2026-27766
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...