UBUNTU-CVE-2024-1454

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-1454

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-1454.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-1454

Related

CVE-2024-1454

Published

2024-02-12T23:15:00Z

Modified

2024-10-18T16:28:00Z

Severity

3.4 (Low) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

References

Affected packages

Ubuntu:Pro:16.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.15.0-1ubuntu1

0.15.0-1ubuntu1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.17.0-1

0.17.0-2

0.17.0-2build1

0.17.0-3

0.17.0-3ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.19.0-2

0.20.0-1

0.20.0-2

0.20.0-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.21.0-1ubuntu1

0.22.0-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.25.0~rc1-1build2

0.25.1-1

0.25.1-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.0-1ubuntu4

0.24.0~rc1-1

0.25.0~rc1-1

0.25.0~rc1-1build1

0.25.0~rc1-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}