5933 matches found
CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-3296
CVE-2024-3296 involves the rust-openssl crate and a timing-based side-channel that could permit plaintext recovery over a network via a Bleichenbacher-style attack on the legacy PKCS#1v1.5 padding. An attacker would need to send many trial decryptions to achieve success. The connected documents c...
CVE-2024-3296
Removed by vendor...
DEBIAN-CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
UBUNTU-CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-26800 tls: fix use-after-free on failed backlog decryption
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-26800
The CVE-2024-26800 entry concerns a Linux kernel TLS use-after-free in backlog decryption. Root cause: when crypto_aead_decrypt returns -EBUSY (not EINPROGRESS), tls_do_decryption waits for async decryptions, but if any completes with a failure, the code releases pages that may still be held by a...
CVE-2024-26800 tls: fix use-after-free on failed backlog decryption
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-26800 tls: fix use-after-free on failed backlog decryption
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
PT-2024-18128
Name of the Vulnerable Software and Affected Versions WolfSSL version 5.6.6 Description A Fault Injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c allows a remote attacker co-residing in the same system with a victim process to disclose information and...
CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
CVE-2024-3296
A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...
AlmaLinux 8 : grafana (ALSA-2024:1646)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1646 advisory. - A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled...
Oracle Linux 8 : opencryptoki (ELSA-2024-1608)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1608 advisory. 3.21.0-10 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22791 Tenable has extracted the preceding description blo...
kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client
An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 8 : kernel (RHSA-2024:1607)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1607 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereferen...