Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-50281

Nov. 19, 2024, 9:57 p.m.

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-11-19
CVE-2024-50281

Product(s) Impacted

Linux kernel

Description

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait for the AEAD cipher operation to finish and simply return after submitting the request. If there is some load on the system we can exit before the cipher operation is done and the buffer we read from/write to is already removed from the stack. This will e.g. result in NULL pointer dereference errors in the DCP driver during blob creation. Fix this by waiting for the AEAD cipher operation to finish before resuming the seal and unseal calls.

Weaknesses

Date

Published: Nov. 19, 2024, 2:16 a.m.

Last Modified: Nov. 19, 2024, 9:57 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

References

https://git.kernel.org/ 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/ 416baaa9-dc9f-4396-8d5f-8c081fb06d67