5.5

CVE-2023-52616

crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init

In the Linux kernel, the following vulnerability has been resolved:

crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init

When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.210
LinuxLinux Kernel Version >= 5.11 < 5.15.149
LinuxLinux Kernel Version >= 5.16 < 6.1.79
LinuxLinux Kernel Version >= 6.2 < 6.6.15
LinuxLinux Kernel Version >= 6.7 < 6.7.3
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165
Patch
Mailing List
https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6
Patch
Mailing List
https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49
Patch
Mailing List
https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a
Patch
Mailing List
https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a
Patch
Mailing List
https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598
Patch
Mailing List