First published: Mon Feb 12 2024(Updated: )
The Use After Free vulnerability was identified within the AuthentIC driver in OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system to take advantage of this flaw. The attack requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can potentially allow for compromising card management operations during enrollment. Originally reported by OSS-fuzz automated service.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Opensc Project Opensc | <0.25.0 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
Fedoraproject Fedora | =40 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.