CVE-2024-42229

MEDIUM EPSS 13.5%
Published Jul 30, 20241y ago · Modified Jun 17, 20261w ago
4.1 CVSS 3.1
Medium
Find Similar
Published Jul 30, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.

CVSS Details

Base Score
4.1
Exploitability
0.5
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
13.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel* <5.10.222
linuxlinux_kernel*≥5.11  –  <5.15.163
linuxlinux_kernel*≥5.16  –  <6.1.98
linuxlinux_kernel*≥6.2  –  <6.6.39
linuxlinux_kernel*≥6.7  –  <6.9.9

References 9

  • git.kernel.org https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513
  • git.kernel.org https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35
  • git.kernel.org https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e
    Patch