SB2026071948 - openEuler 24.03 LTS SP3 update for edk2
Published: July 19, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2026-42766)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to NULL pointer dereference in password-based CMS decryption when processing a specially crafted CMS message with an absent PasswordRecipientInfo.keyDerivationAlgorithm field. A remote attacker can send a specially crafted CMS message to cause a denial of service.
Applications that process password-encrypted CMS messages may be affected.
2) NULL pointer dereference (CVE-ID: CVE-2026-42767)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to NULL pointer dereference in CRMF EncryptedValue decryption when processing a crafted CMP response containing an EncryptedValue structure with an algorithm OID but no parameters field. A remote attacker can send a crafted CMP response to cause a denial of service.
The issue can be triggered by an attacker-controlled CMP server or a man-in-the-middle.
3) Observable discrepancy (CVE-ID: CVE-2026-42768)
CWE-ID: CWE-203 - Observable discrepancy
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to decrypt or sign messages with the victim's private RSA key.
The vulnerability exists due to observable discrepancy in error handling in CMS_decrypt() and PKCS7_decrypt() when processing attacker-supplied CMS or S/MIME messages and exposing decryption errors or output differences. A remote attacker can send crafted messages and observe the application's responses to decrypt or sign messages with the victim's private RSA key.
The attack requires the application to expose the error code and/or decryption output in a way that can be observed by the attacker.
Remediation
Install update from vendor's website.