In the Linux kernel, the following vulnerability has been resolved:
crypto: mxs-dcp - Ensure payload is zero when using key slot
We could leak stack memory through the payload field when running
AES with a key from one of the hardware's key slots. Fix this by
ensuring the payload field is set to 0 in such cases.
This does not affect the common use case when the key is supplied
from main memory via the descriptor payload.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-130 |
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 19 Aug 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Sat, 17 Aug 2024 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to 0 in such cases. This does not affect the common use case when the key is supplied from main memory via the descriptor payload. | |
Title | crypto: mxs-dcp - Ensure payload is zero when using key slot | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-17T09:21:38.065Z
Updated: 2024-12-19T09:16:23.921Z
Reserved: 2024-08-17T09:11:59.270Z
Link: CVE-2024-43815
Vulnrichment
Updated: 2024-09-11T12:42:23.314Z
NVD
Status : Awaiting Analysis
Published: 2024-08-17T10:15:07.870
Modified: 2024-08-19T12:59:59.177
Link: CVE-2024-43815
Redhat