vulnerability

Oracle Linux: CVE-2019-20792: ELSA-2020-4483: opensc security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published
Jan 4, 2020
Added
Nov 13, 2020
Modified
Nov 30, 2024

Description

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attacker to exploit this vulnerability by inserting and removing a malicious smart card, handled by the coolkey driver, that could potentially execute code on the target system, with privileges that depend on the particular configuration and system that makes use of the OpenSC library.

Solution

oracle-linux-upgrade-opensc
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.