PT-2024-30677 · Linux · Linux Kernel
Dan Carpenter · Published 2024-07-13 · Updated 2024-08-22
CVE-2024-43815
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved, specifically in the crypto: mxs-dcp module. The issue allowed stack memory to leak through the payload field when running AES with a key from one of the hardware's key slots. This was fixed by ensuring the payload field is set to 0 in such cases. The common use case, where the key is supplied from main memory via the descriptor payload, is not affected.
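The pattern described above, as an added example that is not the mxs-dcp driver's code: a descriptor builder that gives the payload a defined value of 0 on the key-slot path, with the vulnerable shape shown in a comment. The struct, field names, flag and functions are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor; names are assumptions, not the driver's own. */
#define DEMO_CTRL_KEY_SLOT 0x1u
struct demo_desc {
    uint32_t control;  /* DEMO_CTRL_KEY_SLOT: key comes from a hardware slot */
    uint32_t key_slot; /* slot index, used only with DEMO_CTRL_KEY_SLOT */
    uint64_t payload;  /* address of key material in main memory, else 0 */
};

/*
 * Vulnerable shape (comment only: reading an uninitialised local is UB):
 *     uint64_t key_addr;                      // unset on the slot path
 *     if (!use_slot) key_addr = mem_key_addr;
 *     d->payload = key_addr;                  // stack residue in payload
 */
static void demo_build_desc(struct demo_desc *d, bool use_slot,
                            uint32_t slot, uint64_t mem_key_addr)
{
    uint64_t key_addr = 0; /* hardened: defined on every path */

    d->control = use_slot ? DEMO_CTRL_KEY_SLOT : 0;
    d->key_slot = use_slot ? slot : 0;
    if (!use_slot)
        key_addr = mem_key_addr;
    d->payload = key_addr;
}

/* Invariant to check before a descriptor is handed to the device. */
static bool demo_desc_ok(const struct demo_desc *d)
{
    if (d->control & DEMO_CTRL_KEY_SLOT)
        return d->payload == 0;
    return d->payload != 0;
}

int main(void)
{
    struct demo_desc d;

    demo_build_desc(&d, true, 2, 0);
    printf("slot key:   payload=0x%llx ok=%d\n",
           (unsigned long long)d.payload, demo_desc_ok(&d));
    demo_build_desc(&d, false, 0, 0x1000); /* constructed address */
    printf("memory key: payload=0x%llx ok=%d\n",
           (unsigned long long)d.payload, demo_desc_ok(&d));
    return 0;
}
```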
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel