CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210	Patch
https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534	Patch
https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d	Patch
https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513
https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133	Patch
https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb	Patch
https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35
https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e	Patch
https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210	Patch
https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534	Patch
https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d	Patch
https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133	Patch
https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb	Patch
https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-07-30 08:15

Updated : 2024-11-21 09:33

NVD link : CVE-2024-42229

Mitre link : CVE-2024-42229

CVE.ORG link : CVE-2024-42229

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

{"id": "CVE-2024-42229", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2024-07-30T08:15:08.070", "references": [{"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: aead,cipher - poner a cero el b\u00fafer de claves despu\u00e9s de su uso IG 9.7.B para FIPS 140-3 especifica que las variables que contienen temporalmente informaci\u00f3n criptogr\u00e1fica deben ponerse a cero una vez que ya no sean necesarias. Logre esto usando kfree_SENSITIVE para los b\u00fafers que anteriormente conten\u00edan la clave privada."}], "lastModified": "2024-11-21T09:33:45.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ADFA1F9-906A-4D75-8667-7FECEF422B59", "versionEndExcluding": "5.10.222"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551", "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}