CVE-2024-56681 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/05f0a3f5477ecaa1cf46448504afe9e7c2e96fcc
https://git.kernel.org/stable/c/19630cf57233e845b6ac57c9c969a4888925467b
https://git.kernel.org/stable/c/28f8ffa945f7d7150463e15097ea73b19529d6f5
https://git.kernel.org/stable/c/4ea3e3b761e371102bb1486778e2f8dbc9e37413
https://git.kernel.org/stable/c/75e1e38e5d80d6d9011b7322698ffba3dd3db30a
https://git.kernel.org/stable/c/8f1a9a960b1107bd0e0ec3736055f5ed0e717edf
https://git.kernel.org/stable/c/ae5253313e0ea5f00c06176074592b7f493c8546
https://git.kernel.org/stable/c/bba9e38c5ad41d0a88b22a59e5b6dd3e31825118
https://git.kernel.org/stable/c/ee36db8e8203420e6d5c42eb9428920c2fc36532
https://lore.kernel.org/linux-cve-announce/2024122832-CVE-2024-56681-d0c0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-56681
https://www.cve.org/CVERecord?id=CVE-2024-56681

History

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-253
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 30 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122832-CVE-2024-56681-d0c0@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-56681 https://www.cve.org/CVERecord?id=CVE-2024-56681
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Sat, 28 Dec 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error.
Title		crypto: bcm - add error check in the ahash_hmac_init function
References		https://git.kernel.org/stable/c/05f0a3f5477ecaa1cf46448504afe9e7c2e96fcc https://git.kernel.org/stable/c/19630cf57233e845b6ac57c9c969a4888925467b https://git.kernel.org/stable/c/28f8ffa945f7d7150463e15097ea73b19529d6f5 https://git.kernel.org/stable/c/4ea3e3b761e371102bb1486778e2f8dbc9e37413 https://git.kernel.org/stable/c/75e1e38e5d80d6d9011b7322698ffba3dd3db30a https://git.kernel.org/stable/c/8f1a9a960b1107bd0e0ec3736055f5ed0e717edf https://git.kernel.org/stable/c/ae5253313e0ea5f00c06176074592b7f493c8546 https://git.kernel.org/stable/c/bba9e38c5ad41d0a88b22a59e5b6dd3e31825118 https://git.kernel.org/stable/c/ee36db8e8203420e6d5c42eb9428920c2fc36532

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-28T09:46:09.675Z

Updated: 2025-01-20T06:25:49.791Z

Reserved: 2024-12-27T15:00:39.846Z

Link: CVE-2024-56681

Vulnrichment

No data.

NVD

Status : Received

Published: 2024-12-28T10:15:09.967

Modified: 2024-12-28T10:15:09.967

Link: CVE-2024-56681

Redhat

Severity : Low

Publid Date: 2024-12-28T00:00:00Z

Links: CVE-2024-56681 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object