In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.
| Product | Vendor | Version |
|---|---|---|
| Linux | Linux | Kernel |
| Linux | Linux | < 5.* |
| Linux | Linux | QCA6564A |
| Linux | Linux | Snapdragon 480+ 5G Mobile Platform (SM4350-AC) |