CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster...

CVE-2024-21461

CVE-2024-21461 is a memory-corruption issue in the Keymaster finish-HMAC path triggered when the context is freed by Keymaster. Public details in connected docs indicate the vulnerability affects Android/Keymaster workflows and is rated HIGH severity with local access requirements (per CVSS). Exp...

CVE-2024-21461 Double Free in HLOS

Memory corruption while performing finish HMAC operation when context is freed by keymaster...

CVE-2024-21461 Double Free in HLOS

Memory corruption while performing finish HMAC operation when context is freed by keymaster...

PT-2024-18884 · Keymaster · Keymaster

Name of the Vulnerable Software and Affected Versions: Keymaster affected versions not specified Description: The issue involves memory corruption that occurs during the finish HMAC operation when the context is freed by the keymaster. This is a general information about the problem, but specific...

Mageia: Security Advisory (MGASA-2024-0238)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

MGASA-2024-0238 Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

SUSE CVE-2024-38612

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6init is wrong in case CONFIGIPV6SEG6LWTUNNEL is not defined. In that case if seg6hmacinit fails, the genlunregisterfamily isn't called. This issue exist since comm...

Important: booth

Issue Overview: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server. CVE-2024-3049 Affected Packages: booth Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Amazon Linux 2 : booth (ALAS-2024-2575)

The version of booth installed on the remote host is prior to 1.0-8.ef769ef.git. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2575 advisory. A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may all...

Important: booth

Issue Overview: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server. CVE-2024-3049 Affected Packages: booth Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

DEBIAN-CVE-2024-38612

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6init is wrong in case CONFIGIPV6SEG6LWTUNNEL is not defined. In that case if seg6hmacinit fails, the genlunregisterfamily isn't called. This issue exist since comm...

SUSE SLES15 Security Update : booth (SUSE-SU-2024:2062-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2062-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032 Tenable has...

SUSE-SU-2024:2063-1 Security update for booth

This update for booth fixes the following issues: - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032...

SUSE-SU-2024:2062-1 Security update for booth

This update for booth fixes the following issues: - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032...

SUSE SLES15 Security Update : booth (SUSE-SU-2024:2042-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2042-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032 Tenable has...

SUSE-SU-2024:2042-1 Security update for booth

This update for booth fixes the following issues: - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032...

SUSE-SU-2024:2041-1 Security update for booth

This update for booth fixes the following issues: - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032...

SUSE SLES15 / openSUSE 15 Security Update : booth (SUSE-SU-2024:2040-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2040-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032...