{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"opencryptoki security update", "category":"general", "title":"Synopsis" }, { "text":"An update for opencryptoki is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"openCryptoki is an implementation of the PKCS #11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the application also provides an added level of security. The openCryptoki API provides a standard programming interface between applications and all kinds of portable cryptographic devices.\n\nSecurity Fix(es):\n\nopenCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.(CVE-2026-22791)\n\nopenCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token directories, resulting in privilege escalation or data exposure. Token and lock directories are 0770 (group-writable for token users), so any token-group member can plant files and symlinks inside them. When run as root, the base code handling token directory file access, as well as several openCryptoki tools used for administrative purposes, may reset ownership or permissions on existing files inside the token directories. An attacker with token-group membership can exploit the system when an administrator runs a PKCS#11 application or administrative tool that performs chown on files inside the token directory during normal maintenance. This issue is fixed in commit 5e6e4b4, but has not been included in a released version at the time of publication.(CVE-2026-23893)", "category":"general", "title":"Description" }, { "text":"An update for opencryptoki is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"opencryptoki", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1320", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1320" }, { "summary":"CVE-2026-22791", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-22791&packageName=opencryptoki" }, { "summary":"CVE-2026-23893", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23893&packageName=opencryptoki" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22791" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23893" }, { "summary":"openEuler-SA-2026-1320 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1320.json" } ], "title":"An update for opencryptoki is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2026-02-10T14:30:10+08:00", "revision_history":[ { "date":"2026-02-10T14:30:10+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-02-10T14:30:10+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-02-10T14:30:10+08:00", "id":"openEuler-SA-2026-1320", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-help-3.26.0-1.oe2403.noarch.rpm", "name":"opencryptoki-help-3.26.0-1.oe2403.noarch.rpm" }, "name":"opencryptoki-help-3.26.0-1.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-3.26.0-1.oe2403.aarch64.rpm", "name":"opencryptoki-3.26.0-1.oe2403.aarch64.rpm" }, "name":"opencryptoki-3.26.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64.rpm", "name":"opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64.rpm" }, "name":"opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-debugsource-3.26.0-1.oe2403.aarch64.rpm", "name":"opencryptoki-debugsource-3.26.0-1.oe2403.aarch64.rpm" }, "name":"opencryptoki-debugsource-3.26.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-devel-3.26.0-1.oe2403.aarch64.rpm", "name":"opencryptoki-devel-3.26.0-1.oe2403.aarch64.rpm" }, "name":"opencryptoki-devel-3.26.0-1.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-3.26.0-1.oe2403.src.rpm", "name":"opencryptoki-3.26.0-1.oe2403.src.rpm" }, "name":"opencryptoki-3.26.0-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-3.26.0-1.oe2403.x86_64.rpm", "name":"opencryptoki-3.26.0-1.oe2403.x86_64.rpm" }, "name":"opencryptoki-3.26.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64.rpm", "name":"opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64.rpm" }, "name":"opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-debugsource-3.26.0-1.oe2403.x86_64.rpm", "name":"opencryptoki-debugsource-3.26.0-1.oe2403.x86_64.rpm" }, "name":"opencryptoki-debugsource-3.26.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"opencryptoki-devel-3.26.0-1.oe2403.x86_64.rpm", "name":"opencryptoki-devel-3.26.0-1.oe2403.x86_64.rpm" }, "name":"opencryptoki-devel-3.26.0-1.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-help-3.26.0-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "name":"opencryptoki-help-3.26.0-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-3.26.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "name":"opencryptoki-3.26.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "name":"opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-debugsource-3.26.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "name":"opencryptoki-debugsource-3.26.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-devel-3.26.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "name":"opencryptoki-devel-3.26.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-3.26.0-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "name":"opencryptoki-3.26.0-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-3.26.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "name":"opencryptoki-3.26.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "name":"opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-debugsource-3.26.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "name":"opencryptoki-debugsource-3.26.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"opencryptoki-devel-3.26.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64", "name":"opencryptoki-devel-3.26.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-22791", "notes":[ { "text":"openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64" ], "details":"opencryptoki security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1320" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.6, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-22791" }, { "cve":"CVE-2026-23893", "notes":[ { "text":"openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token directories, resulting in privilege escalation or data exposure. Token and lock directories are 0770 (group-writable for token users), so any token-group member can plant files and symlinks inside them. When run as root, the base code handling token directory file access, as well as several openCryptoki tools used for administrative purposes, may reset ownership or permissions on existing files inside the token directories. An attacker with token-group membership can exploit the system when an administrator runs a PKCS#11 application or administrative tool that performs chown on files inside the token directory during normal maintenance. This issue is fixed in commit 5e6e4b4, but has not been included in a released version at the time of publication.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64" ], "details":"opencryptoki security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1320" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:opencryptoki-help-3.26.0-1.oe2403.noarch", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.aarch64", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.src", "openEuler-24.03-LTS:opencryptoki-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debuginfo-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-debugsource-3.26.0-1.oe2403.x86_64", "openEuler-24.03-LTS:opencryptoki-devel-3.26.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23893" } ] }