In the Linux kernel, the following vulnerability has been resolved:
crypto: aead,cipher - zeroize key buffer after use
I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
cryptographic information should be zeroized once they are no longer
needed. Accomplish this by using kfree_sensitive for buffers that
previously held the private key.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210 - Patch | |
References | () https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534 - Patch | |
References | () https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d - Patch | |
References | () https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133 - Patch | |
References | () https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb - Patch | |
References | () https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e - Patch |
08 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jul 2024, 19:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux
Linux linux Kernel |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.1 |
References | () https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210 - Patch | |
References | () https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534 - Patch | |
References | () https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d - Patch | |
References | () https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133 - Patch | |
References | () https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb - Patch | |
References | () https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e - Patch |
30 Jul 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-30 08:15
Updated : 2024-11-21 09:33
NVD link : CVE-2024-42229
Mitre link : CVE-2024-42229
CVE.ORG link : CVE-2024-42229
JSON object : View
Products Affected
linux
- linux_kernel
CWE