U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-42229 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210 Patch 
https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534 Patch 
https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d Patch 
https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513
https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133 Patch 
https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb Patch 
https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35
https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e Patch 

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-Other Other cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-42229
NVD Published Date:
07/30/2024
NVD Last Modified:
11/08/2024
Source:
kernel.org