CVE-2022-2993 bt: host: Wrong key validation check

There is an error in the condition of the last if-statement in the function smpcheckkeys. It was rejecting current keys if all requirements were unmet...

PT-2022-19913 · Zephyrproject +1 · Zephyr

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to an error in the condition of the last if-statement in the function smp check keys. This error caused the function to reject...

GHSA-2WC6-2RCJ-8V76 scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...