{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42229", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.250Z", "datePublished": "2024-07-30T07:47:09.817Z", "dateUpdated": "2024-09-11T17:34:32.961Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T07:47:09.817Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/aead.c", "crypto/cipher.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "9db8c299a521", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "71dd42861537", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "28c8d274848f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b502d4a08875", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f58679996a83", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "23e4099bdc3c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/aead.c", "crypto/cipher.c"], "versions": [{"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"}, {"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"}, {"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"}, {"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"}, {"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"}, {"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"}], "title": "crypto: aead,cipher - zeroize key buffer after use", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.567Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:28.221263Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:32.961Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.567Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:28.221263Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.383Z"}}], "cna": {"title": "crypto: aead,cipher - zeroize key buffer after use", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "9db8c299a521", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "71dd42861537", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "28c8d274848f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b502d4a08875", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f58679996a83", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "23e4099bdc3c", "versionType": "git"}], "programFiles": ["crypto/aead.c", "crypto/cipher.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.222", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["crypto/aead.c", "crypto/cipher.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"}, {"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"}, {"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"}, {"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"}, {"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"}, {"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T07:47:09.817Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42229", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:32.961Z", "dateReserved": "2024-07-30T07:40:12.250Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:47:09.817Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ADFA1F9-906A-4D75-8667-7FECEF422B59", "versionEndExcluding": "5.10.222", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551", "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: aead,cipher - poner a cero el b\u00fafer de claves despu\u00e9s de su uso IG 9.7.B para FIPS 140-3 especifica que las variables que contienen temporalmente informaci\u00f3n criptogr\u00e1fica deben ponerse a cero una vez que ya no sean necesarias. Logre esto usando kfree_SENSITIVE para los b\u00fafers que anteriormente conten\u00edan la clave privada."}], "id": "CVE-2024-42229", "lastModified": "2024-07-30T19:46:56.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:08.070", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: crypto: aead,cipher - zeroize key buffer after use", "id": "2301546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301546"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-244", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: aead,cipher - zeroize key buffer after use\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42229", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42229\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42229\nhttps://lore.kernel.org/linux-cve-announce/2024073039-CVE-2024-42229-8a13@gregkh/T"], "threat_severity": "Moderate"}