vulnerability

Alpine Linux: CVE-2024-1454: Use After Free

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:H/Au:N/C:P/I:P/A:N)	Feb 12, 2024	Aug 22, 2024	Dec 5, 2025

Severity

CVSS

(AV:L/AC:H/Au:N/C:P/I:P/A:N)

Published

Feb 12, 2024

Added

Aug 22, 2024

Modified

Dec 5, 2025

Description

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

Solution

alpine-linux-upgrade-opensc

References

CVE-2024-1454
https://attackerkb.com/topics/CVE-2024-1454
URL-https://security.alpinelinux.org/vuln/CVE-2024-1454
CWE-416

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today