Fixed
Created: Mar 18, 2024
Updated: Apr 27, 2024
Resolved Date: Apr 19, 2024
Found In Version: 10.23.30.1
Fix Version: 10.23.30.9
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.
CREATE(Triage):(User=admin) CVE-2023-52616 (https://nvd.nist.gov/vuln/detail/CVE-2023-52616)
