51 matches found
nebula-mesh: Decrypted CA private key persists in heap after signing
internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...
GHSA-8H84-FHQQ-Q58V nebula-mesh: Decrypted CA private key persists in heap after signing
internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...
PT-2026-48603
Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.7 Description Decrypted CA private keys persist in the process heap because the CAManager does not zeroise the plaintext ed25519.PrivateKey after use. This occurs when callers at internal/api/enroll.go:116,...
CVE-2026-43336
A flaw was found in the Linux kernel's ChaCha cryptographic algorithm implementation. The permutedstate local variable, which is sufficient to compute the original cryptographic key, was not properly zeroized before leaving its scope. This oversight could allow an attacker to recover the...
SUSE CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
EUVD-2026-28620
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
UBUNTU-CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336 lib/crypto: chacha: Zeroize permuted_state before it leaves scope
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
CVE-2026-43336
CVE-2026-43336 – linux kernel ChaCha secret handling : The vulnerability arises in lib/crypto: chacha where the permuted_state is not zeroized before leaving scope, allowing the original state (and thus the key) to be inferred after the permutation. The documented fix is to explicitly zeroize per...
Linux Distros Unpatched Vulnerability : CVE-2026-43336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to...
PT-2026-38987
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the lib/crypto component where the local variable permuted state is not cleared before leaving its scope. Because the ChaCha permutation is invertible, this variable can...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005085)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005085 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990291)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990291 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989804)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989804 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
EUVD-2022-0554
Malicious code in bioql PyPI...
CVE-2025-38613
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpibboardinfoioctl is showing up as initialized data on the stack frame being copyied back to userspace in function...
CLSA-2025-1744359874 Update of gnutls
fips: Zeroize temporary values in integrity check RHEL-21870...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-2201: Fixed information leak in x86/BHI bsc1217339. CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers bsc1228483. CVE-2024-42098:...