42 matches found
crypto: x86/aegis - Add missing error checks
...
Security Bulletin: IBM Fusion HCI is vulnerable to Authorization Bypass due to Golang x/crypto (CVE-2024-45337, CVE-2025-22869)
Summary IBM Fusion HCI includes, but does not run or call, an SSH Server that is part of the Golang x/crypto module. This SSH Server is vulnerable to Denial of Service and Authorization Bypass. CVE-2024-45337, CVE-2025-22869 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers whic...
UBUNTU-CVE-2025-39729
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix dereferencing uninitialized error pointer Fix below smatch warnings: drivers/crypto/ccp/sev-dev.c:1312 sevplatforminitlocked error: we previously assumed 'error' could be null...
SUSE SLES15 Security Update : kernel (Live Patch 59 for SLE 15 SP3) (SUSE-SU-2025:02933-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02933-1 advisory. This update for the Linux Kernel 5.3.18-15030059211 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...
AZL-66500 CVE-2025-38581 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2'...
The vulnerability of the crypto/xilinx/zynqmp-aes-gcm.c component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the crypto/xilinx/zynqmp-aes-gcm.c component in the Linux operating system is related to incorrect locking of resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
crypto: hisilicon/qm - inject error before stopping queue
...
crypto: hisilicon/sec - Fix memory leak for sec resource release
...
UBUNTU-CVE-2024-41002
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv...
SUSE CVE-2024-39493
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADFDEVRESETSYNC memory leak Using completiondone to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called...
PT-2022-33885 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: The issue is related to a problem in the crypto: hisilicon/sec module where the system does not sleep when in softirq. The actual impact and attack plausibility have not yet been proven...
The vulnerability of the CLS_PK_KeyGenMT() function in the Rambus SafeZone basic crypto module allows a hacker to calculate private RSA keys from a public key of a TLS certificate.
The vulnerability of the CLSPKKeyGenMT function in the Rambus SafeZone base crypto module is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker, operating remotely, to calculate secret RSA keys from the public key of a TLS certificate...
CVE-2021-1422
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...
The vulnerability of the p11_rpc_buffer_get_byte_array_value function in the library for working with PKCS P11-kit modules, related to writing beyond the buffer’s boundaries, allows a hacker to cause a service failure.
The vulnerability of the p11rpcbuffergetbytearrayvalue function in the library for working with PKCS P11-kit modules is related to writing beyond the buffer’s boundaries. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
ALPINE-CVE-2020-8623
In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...
Crypt::Perl Data Forgery Issue Vulnerability
Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the Perl community.Crypt:: Perl is one of the cryptographic modules. A data forgery issue vulnerability exists in Crypt::Perl::ECDSA in versions of Crypt::Perl prior to 0.32 Perl, which stems from a program...
Dell RSA BSAFE Crypto-J Encryption Issue Vulnerability
Dell RSA BSAFE Crypto-J is RSA's FIPS-validated Java cryptographic module. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5. An attacker could exploit this vulnerability to force both parties to compute the same predictable shared key...
kernel: crypto: privilege escalation in skcipher_recvmsg function
A flaw was found in the Linux kernel's skcipher component, which affects the skcipherrecvmsg function. Attackers using a specific input can lead to a privilege escalation...
CVE-2019-1706
A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance ASAv and Firepower 2100 Series running Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a...
Race condition
A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance ASAv and Firepower 2100 Series running Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a...