CVE-2024-45615

2024-09-0300:00:00

ubuntu.com

opensc

pkcs#11 module

ctk

usb device

smart card

buffer access

unix

CVSS3

3.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

Low

EPSS

Percentile

13.4%

JSON

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module,
minidriver, and CTK. An attacker could use a crafted USB Device or Smart
Card, which would present the system with a specially crafted response to
APDUs. When buffers are partially filled with data, initialized parts of
the buffer can be incorrectly accessed.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopensc< anyUNKNOWN
ubuntu20.04noarchopensc< anyUNKNOWN
ubuntu22.04noarchopensc< anyUNKNOWN
ubuntu24.04noarchopensc< anyUNKNOWN
ubuntu16.04noarchopensc< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	opensc	< any	UNKNOWN
ubuntu	20.04	noarch	opensc	< any	UNKNOWN
ubuntu	22.04	noarch	opensc	< any	UNKNOWN
ubuntu	24.04	noarch	opensc	< any	UNKNOWN
ubuntu	16.04	noarch	opensc	< any	UNKNOWN