CVE-2026-42014

Summary

A flaw was found in GnuTLS. The gnutls_pkcs11_token_set_pin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:3.8.10-4.el10_2 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:3.8.9-9.el10_0.19 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.6 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:3.6.14-10.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:4.13-3.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:3.6.14-10.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:4.13-3.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:3.6.16-5.el8_6.5 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:4.13-3.el8_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:3.6.16-5.el8_6.5 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:4.13-3.el8_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:3.6.16-7.el8_8.4 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:4.13-4.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:3.6.16-7.el8_8.4 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:4.13-4.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.8.10-4.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.8.10-4.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions0:3.8.3-4.el9_4.6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:3.8.3-6.el9_6.4 < *unaffected
Red HatRed Hat Discovery 21782159791 < *unaffected
Red HatRed Hat Discovery 21782166952 < *unaffected
Red HatRed Hat Update Infrastructure 51781525684 < *unaffected
Red HatRed Hat Update Infrastructure 51781525671 < *unaffected
Red HatRed Hat Update Infrastructure 51781525693 < *unaffected
Red HatRed Hat Update Infrastructure 51781525739 < *unaffected

Weaknesses

  • CWE-825: Expired Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References