CVE-2024-42229CVSS 4.1Linux
CVE-2024-42229: linux kernel vulnerability
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.
- CVSS
- 4.1 MEDIUM
- EPSS
- 13.55%
- Активно використовується
- немає в KEV
- Продукт
- linux kernel
Що відомо
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.