Rapid7 Vulnerability & Exploit Database

Alpine Linux: CVE-2024-1454: Use After Free

Severity: 3
CVSS: (AV:L/AC:H/Au:N/C:P/I:P/A:N)
Published: 02/12/2024
Created: 08/23/2024
Added: 08/22/2024
Modified: 08/23/2024

Description

A use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages. It occurs in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs; the attack is therefore considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

Solution(s)

  • alpine-linux-upgrade-opensc
