CVE-2024-2881

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

04 Sep 2024, 14:27

Type Values Removed Values Added
CWE CWE-74
CVSS v2 : unknown
v3 : 6.7
v2 : unknown
v3 : 8.8
Summary
  • (es) La vulnerabilidad de inyección de fallas en la función wc_ed25519_sign_msg en wolfssl/wolfcrypt/src/ed25519.c en WolfSSL wolfssl5.6.6 en Linux/Windows permite a un atacante remoto residir en el mismo sistema con un proceso víctima para divulgar información y escalar privilegios a través de la inyección de fallas de Rowhammer a la estructura ed25519_key.
References () https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable - () https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable - Release Notes
First Time Linux linux Kernel
Microsoft windows
Microsoft
Wolfssl
Linux
Wolfssl wolfssl
CPE cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

30 Aug 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 00:15

Updated : 2024-09-04 14:27


NVD link : CVE-2024-2881

Mitre link : CVE-2024-2881

CVE.ORG link : CVE-2024-2881


JSON object : View

Products Affected

linux

  • linux_kernel

wolfssl

  • wolfssl

microsoft

  • windows
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1256

Hardware Features Enable Physical Attacks from Software

CWE-252

Unchecked Return Value