48 matches found
CVE-2026-43336
A flaw was found in the Linux kernel's ChaCha cryptographic algorithm implementation. The permutedstate local variable, which is sufficient to compute the original cryptographic key, was not properly zeroized before leaving its scope. This oversight could allow an attacker to recover the...
SUSE CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
EUVD-2026-28620
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
UBUNTU-CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336 lib/crypto: chacha: Zeroize permuted_state before it leaves scope
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336
CVE-2026-43336 – linux kernel ChaCha secret handling : The vulnerability arises in lib/crypto: chacha where the permuted_state is not zeroized before leaving scope, allowing the original state (and thus the key) to be inferred after the permutation. The documented fix is to explicitly zeroize per...
PT-2026-38987
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the lib/crypto component where the local variable permuted state is not cleared before leaving its scope. Because the ChaCha permutation is invertible, this variable can...
Linux Distros Unpatched Vulnerability : CVE-2026-43336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher – The key buffer is zeroed after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroed once they are no longer needed. This is achieved by using...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005085)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005085 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990291)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990291 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989804)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989804 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
EUVD-2022-0554
Malicious code in bioql PyPI...
CVE-2025-38613
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpibboardinfoioctl is showing up as initialized data on the stack frame being copyied back to userspace in function...
CLSA-2025-1744359874 Update of gnutls
fips: Zeroize temporary values in integrity check RHEL-21870...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-2201: Fixed information leak in x86/BHI bsc1217339. CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers bsc1228483. CVE-2024-42098:...
SUSE-SU-2025:1027-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-2201: Fixed information leak in x86/BHI bsc1217339. - CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers bsc1228483. -...