VDB
CVE-2024-0914
CVE-2024-0914
PUBLISHED
Es besteht eine Schwachstelle in Red Hat Enterprise Linux in "opencryptoki". Dieser Fehler besteht in der Handhabung von RSA PKCS#1-Chiffretexten aufgrund eines Timing-Seitenkanalproblems, das die Entschlüsselung von RSA-Chiffretexten ermöglicht. Ein Angreifer kann diese Schwachstelle ausnutzen, um kryptografische Sicherheitsmechanismen zu umgehen.
EPSS 0.42% · 62.4th percentile
Risk Scores
EPSS Score
0.42%
62.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Linux | |
| IBM | IBM AIX <=7.3 | |
| SUSE | SUSE Linux | |
| IBM | IBM AIX <=7.2 | |
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat Enterprise Linux opencryptoki <=1.5 | |
| RESF | RESF Rocky Linux | |
| Red Hat | Red Hat Enterprise Linux opencryptoki <=2.2 |
Timeline
- Jan 31, 2024 CVE Published
- Jan 31, 2024 PoC Published
- Jan 31, 2024 PoC Published
- Feb 8, 2024 EPSS Score
- Feb 19, 2024 PoC Published
- Mar 6, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 23, 2024 EPSS Score
- Jul 20, 2024 EPSS Score
- Aug 20, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0582.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0582 advisory
- https://access.redhat.com/errata/RHSA-2024:1239 advisory
- https://linux.oracle.com/errata/ELSA-2024-1239.html advisory
- https://access.redhat.com/errata/RHSA-2024:1411 advisory
- https://access.redhat.com/errata/RHSA-2024:1608 advisory
- https://linux.oracle.com/errata/ELSA-2024-1608.html advisory
- https://errata.build.resf.org/RLSA-2024:1608 advisory
- https://access.redhat.com/errata/RHSA-2024:1856 advisory
- https://access.redhat.com/errata/RHSA-2024:1992 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-April/018430.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-July/018865.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1276.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1276 advisory
- https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc advisory
- https://www.ibm.com/support/pages/node/7155796 advisory