Use-After-Free Vulnerability in AuthentIC Driver Could Lead to Compromised Card Management Operations
CVE-2024-1454

3.4LOW

Key Information:

Vendor: Red Hat
Status: Opensc; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 12 February 2024

Summary

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

References

https://access.redhat.com/security/cve/CVE-2024-1454

vdb-entryx_refsource_REDHAT

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898

https://bugzilla.redhat.com/show_bug.cgi?id=2263929

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Feb 12, 2024

Collectors

NVD DatabaseMitre Database