Skip to content

{bp-19230} drivers/crypto/pnt: Minor Overflow in Secure Element Driver May Cause a DoS#19263

Open
jerpelea wants to merge 1 commit into
apache:releases/13.0from
jerpelea:bp-19230
Open

{bp-19230} drivers/crypto/pnt: Minor Overflow in Secure Element Driver May Cause a DoS#19263
jerpelea wants to merge 1 commit into
apache:releases/13.0from
jerpelea:bp-19230

Conversation

@jerpelea

@jerpelea jerpelea commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

Invalid data is passed to the NXP Plug & Trust Nano Package used by the NuttX secure element driver. If the NXP code is not handling the malformed data, a corruption can occur. Alternatively, if the attacker is able to point create_signature_args->algorithm in memory at an address that is not accessible, a crash can occur.

Applicable to:

  • signature_algorithm_mapping[create_signature_args->algorithm]
  • signature_algorithm_mapping[verify_signature_args->algorithm]

Impact

RELEASE

Testing

CI

@github-actions github-actions Bot added Size: S The size of the change in this PR is small Area: Crypto labels Jul 2, 2026

@cederom cederom left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @jerpelea :-) Mixed case identifiers come from the library code.

…ent Driver May Cause a DoS

Invalid data is passed to the NXP Plug & Trust Nano Package used by the
NuttX secure element driver. If the NXP code is not handling the malformed
data, a corruption can occur. Alternatively, if the attacker is able to
point create_signature_args->algorithm in memory at an address that is not
accessible, a crash can occur.

Applicable to:
* `signature_algorithm_mapping[create_signature_args->algorithm]`
* `signature_algorithm_mapping[verify_signature_args->algorithm]`

Signed-off-by: Catalin Visinescu <catalin_visinescu@yahoo.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Area: Crypto Size: S The size of the change in this PR is small

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants