Description
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
Published: 2026-03-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (application)
Action: Apply Patch
AI Analysis

Impact

A flaw in p11-kit allows a remote attacker to invoke the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This can cause the RPC client to attempt to return an uninitialized value, potentially leading to a NULL dereference or other undefined behavior that may result in application-level denial of service or unpredictable system states.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9, and 10; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4. Version details are not specified in the CNA data, so any installation that uses the affected p11-kit library is potentially impacted.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.3, indicating moderate severity. EPSS is reported as < 1%, implying a very low probability of exploitation in the wild. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is a remote RPC call to a token that accepts the specific null parameters; an attacker would need remote access to the token's interface to trigger the vulnerability and cause denial of service or instability. This interpretation is inferred from the description and is not explicitly documented in the CVE data. No CNA workaround is available that meets Red Hat's security criteria, so no suitable alternative exists.

Generated by OpenCVE AI on April 15, 2026 at 16:40 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Update p11-kit to a version that includes the fix once it is released by Red Hat.
  • Add input validation to ensure that parameters passed to C_DeriveKey are not NULL before invoking the function.
  • Restrict remote RPC token usage or isolate affected services to prevent exploitation and monitor for crashes or abnormal behavior.

Advisories

No advisories yet.

History

Tue, 21 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | P11-kit Project; P11-kit Project p11-kit; Redhat hardened Images
CPEs | (none) | cpe:2.3:a:p11-kit_project:p11-kit:-:*:*:*:*:*:*:*; cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products | (none) | P11-kit Project; P11-kit Project p11-kit; Redhat hardened Images

Thu, 09 Apr 2026 18:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Redhat hummingbird
CPEs | (none) | cpe:/a:redhat:hummingbird:1
Vendors & Products | (none) | Redhat hummingbird

Thu, 26 Mar 2026 21:30:00 +0000

Type | Values Removed | Values Added
References | |

Thu, 26 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | (none) | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | No description is available for this CVE. | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
Title | p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters | P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
First Time appeared | (none) | Redhat; Redhat enterprise Linux; Redhat openshift
CPEs | (none) | cpe:/a:redhat:openshift:4; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | (none) | Redhat; Redhat enterprise Linux; Redhat openshift
References | |

Sat, 07 Feb 2026 00:15:00 +0000

Type | Values Removed | Values Added
Description | (none) | No description is available for this CVE.
Title | (none) | p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters
Weaknesses | (none) | CWE-824
References | |
Metrics | threat_severity: None | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; threat_severity: Moderate

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-21T15:33:37.011Z

Reserved: 2026-02-06T12:05:50.501Z

Link: CVE-2026-2100

Vulnrichment

Updated: 2026-03-26T20:30:48.552Z

NVD

Status : Analyzed

Published: 2026-03-26T21:17:04.247

Modified: 2026-04-21T15:28:11.817

Link: CVE-2026-2100

Redhat

Severity : Moderate

Public Date: 2026-02-06T08:08:00Z

Links: CVE-2026-2100 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses