CVE-2024-42229

CVSS v3.1 4.1 (Medium)

EPSS 0.04 % (11^th)

Affected Products 1

Advisories 8

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

crypto: aead,cipher - zeroize key buffer after use

I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
cryptographic information should be zeroized once they are no longer
needed. Accomplish this by using kfree_sensitive for buffers that
previously held the private key.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-07-30 08:15:08
(7 weeks ago)
Updated Date: 2024-07-30 19:46:56
(7 weeks ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 5.10.222 version	cpe:2.3:o:linux:linux_kernel		< 5.10.222
Linux Kernel from 5.11 version and prior 5.15.163 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.163
Linux Kernel from 5.16 version and prior 6.1.98 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.98
Linux Kernel from 6.2 version and prior 6.6.39 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.39
Linux Kernel from 6.7 version and prior 6.9.9 version	cpe:2.3:o:linux:linux_kernel	>= 6.7	< 6.9.9