CVE-2024-1454

Name of the Vulnerable Software and Affected Versions OpenSC (affected versions not specified)

Description The issue is related to a use-after-free vulnerability found in the AuthentIC driver of OpenSC packages. This vulnerability occurs during the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs. This manipulation can allow for compromised card management operations during enrolment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.