Description
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
Published: 2026-06-16
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs in GnuTLS’s PIN management routine. When an attacker calls gnutls_pkcs11_token_set_pin to change the Security Officer PIN with a NULL old PIN on a token that lacks a protected authentication path, a use‑after‑free is triggered. This results in memory corruption and is identified as CWE‑825.

Affected Systems

Red Hat Enterprise Linux versions 10, 6, 7, 8, 9, including Red Hat Hardened Images, as well as Red Hat OpenShift Container Platform 4. All affected systems ship the vulnerable GnuTLS package; the advisory RHSA‑2026:20611–13 applies to these distributions, but specific package versions are not listed in the CVE data.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate severity, while an EPSS score of less than 1% suggests the likelihood of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require local or privileged access to a PKCS#11 token and the ability to call the PIN‑change function; it is not an obvious remote attack vector.

Generated by OpenCVE AI on June 17, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Red Hat errata RHSA‑2026:20611/12/13 that contains the GnuTLS patch to update the library on all affected systems.
  • Ensure the system packages are refreshed to include the patched GnuTLS version.
  • As a temporary measure, avoid calling gnutls_pkcs11_token_set_pin with a NULL old PIN on tokens that lack a protected authentication path; always provide a valid old PIN value and confirm proper authentication before changing the PIN.

Generated by OpenCVE AI on June 17, 2026 at 22:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4595-1 gnutls28 security update
Debian DSA Debian DSA DSA-6281-1 gnutls28 security update
Ubuntu USN Ubuntu USN USN-8284-1 GnuTLS vulnerabilities
History

Tue, 30 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
References

Mon, 29 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.4::appstream
cpe:/o:redhat:rhel_e4s:9.4::baseos
References

Mon, 29 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus Long Life
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_eus_long_life:8.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus Long Life
Redhat rhel Tus
References

Fri, 26 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
cpe:/o:redhat:rhel_eus:9.6::baseos
Vendors & Products Redhat rhel Eus
References

Thu, 25 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Title Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin Gnutls: gnutls: use-after-free in gnutls_pkcs11_token_set_pin

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform
Vendors & Products Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform

Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
Redhat rhui
CPEs cpe:/a:redhat:rhui:5::el9
cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
Redhat rhui
References

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
Title Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Weaknesses CWE-825
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10.2
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}


Subscriptions

Gnu Gnutls
Redhat Discovery Enterprise Linux Enterprise Linux Eus Hardened Images Hummingbird Openshift Openshift Container Platform Rhel Aus Rhel E4s Rhel Eus Rhel Eus Long Life Rhel Tus Rhui
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T02:10:23.486Z

Reserved: 2026-04-23T11:23:46.517Z

Link: CVE-2026-42014

cve-icon Vulnrichment

Updated: 2026-06-16T15:22:25.722Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T02:16:19.140

Modified: 2026-06-16T15:26:04.250

Link: CVE-2026-42014

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:14Z

Weaknesses
  • CWE-825

    Expired Pointer Dereference