Use-After-Free Vulnerability in AuthentIC Driver Could Lead to Compromised Card Management Operations
CVE-2024-1454

3.4LOW

Key Information:

Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Vendor
CVE Published:
12 February 2024

What is CVE-2024-1454?

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2024-1454
vdb-entryx_refsource_REDHAT
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
https://bugzilla.redhat.com/show_bug.cgi?id=2263929
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.