Vulnerabilities > CVE-2024-42229 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
HIGH Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133
- https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d
- https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534
- https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb
- https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e
- https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210