CVE-2024-43815
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: mxs-dcp - Ensure payload is zero when using key slot
We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to 0 in such cases.
This does not affect the common use case when the key is supplied from main memory via the descriptor payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 < e1640fed0377bf7276efb70d03cb821a6931063d | affected |
| Linux | Linux | 3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 < dd52b5eeb0f70893f762da7254e923fd23fd1379 | affected |
| Linux | Linux | 6.10 | affected |
| Linux | Linux | 0 < 6.10 | unaffected |
| Linux | Linux | 6.10.3 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/e1640fed0377bf7276efb70d03cb821a6931063d
- https://git.kernel.org/stable/c/dd52b5eeb0f70893f762da7254e923fd23fd1379
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.