Bugzilla – Bug 1215763
VUL-0: CVE-2023-4535: opensc: out-of-bounds read in MyEID driver handling encryption using symmetric keys
Last modified: 2024-06-10 12:43:04 UTC
An out-of-bounds read in MyEID driver handling encryption using symmetric keys. An attacker with physical access to the computer running opensc and crafted USB device or smart card that would present the system with specially crafted responses to the APDUs so they are considered a high-complexity and low-severity. This issue is in the code handling symmetric keys, which are not widely used for example for desktop login so most of the deployments are not affected. https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4535 https://bugzilla.redhat.com/show_bug.cgi?id=2240914
I agree that this issue is fixed with commit f1993dc4e0b33050b8f72a3558ee88b24c4063b2 (myeid: fixed CID 380538 Out-of-bounds read (OVERRUN)) and was introduced by c852236e8368b47b38d89b1b7fb2dbd78753e109 (MyEID driver: support for symmetric crypt). The whole function/functionality is missing in versions before that commit. So only 0.23.0 should be affected. I would say it's a copy-paste error if they are mentioning affected versions: OpenSC 0.17.0 - 0.23.0. Patch is ready in my branch and will be submitted with other CVEs soon.
Submitted here: > https://build.opensuse.org/request/show/1116670 ALP submission will continue once this one will be accepted.
> Codestream Request > ------------------------------------------------------------------------ > openSUSE:Factory https://build.opensuse.org/request/show/1116670 > SUSE:ALP:Source:Standard:1.0 https://build.suse.de/request/show/310145 > SLE-15-SP4_Update not affected > SLE-15-SP1_Update not affected > SLE-12_Update not affected Assigning back to security team
All done, closing.