CVE-2024-42155

Summary

In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe copies of protected- and secure-keys

Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or secure-keys from stack, even in case of an error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe80d4af0a320972aac58e2004d0ba4e44ef4c5c7 < c746f7ced4ad88ee48d0b6c92710e4674403185baffected
LinuxLinuxe80d4af0a320972aac58e2004d0ba4e44ef4c5c7 < f2ebdadd85af4f4d0cae1e5d009c70eccc78c207affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References