Main Vulnerability Database SB20260429103

SB20260429103 - SUSE update for openCryptoki

Published: April 29, 2026

Security Bulletin ID SB20260429103

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2026-40253)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in BER/DER decoding functions in usr/lib/common/asn1.c when parsing malformed BER-encoded cryptographic objects with attacker-controlled length fields. A remote attacker can supply a specially crafted key or certificate to disclose sensitive information and cause a denial of service.

The issue affects the shared common library and impacts all token backends, including Soft, ICA, CCA, TPM, EP11, and ICSF.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20261658-1/

Vulnerable Software

openCryptoki: before 3.23.0-150500.3.15.1
openCryptoki-devel: before 3.23.0-150500.3.15.1
openCryptoki-devel-debuginfo: before 3.23.0-150500.3.15.1
openCryptoki-debuginfo: before 3.23.0-150500.3.15.1
openCryptoki-debugsource: before 3.23.0-150500.3.15.1
openCryptoki-32bit: before 3.23.0-150500.3.15.1
openCryptoki-32bit-debuginfo: before 3.23.0-150500.3.15.1
openCryptoki-64bit-debuginfo: before 3.23.0-150500.3.15.1
openCryptoki-64bit: before 3.23.0-150500.3.15.1
SUSE Linux Enterprise Micro: 5.5
openSUSE Leap: 15.5

SB20260429103 - SUSE update for openCryptoki

Breakdown by Severity

Description

Remediation

References

Please verify you're human