2263929 – (CVE-2024-1454) CVE-2024-1454 opensc: Memory use after free in AuthentIC driver when updating token info

Bug 2263929 (CVE-2024-1454) - CVE-2024-1454 opensc: Memory use after free in AuthentIC driver when updating token info

Summary: CVE-2024-1454 opensc: Memory use after free in AuthentIC driver when updating...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2024-1454
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2263930
Blocks:	2263926
TreeView+	depends on / blocked

Reported:	2024-02-12 20:52 UTC by Marco Benatto
Modified:	2024-02-12 21:58 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.
Clone Of:
Environment:
Last Closed:	2024-02-12 21:00:29 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marco Benatto 2024-02-12 20:52:30 UTC

The Use After Free vulnerability was identified within the AuthentIC driver in OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system to take advantage of this flaw. The attack requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can potentially allow for compromising card management operations during enrollment.

Originally reported by OSS-fuzz automated service.

Comment 1 Marco Benatto 2024-02-12 20:52:44 UTC

Created opensc tracking bugs for this issue:

Affects: fedora-all [bug 2263930]

Comment 2 Marco Benatto 2024-02-12 20:59:56 UTC

Upstream commit for this issue:
https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9

Note You need to log in before you can comment on or make changes to this bug.