Description

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

INFO

Published Date :

2026-03-26T20:01:46.174Z

Last Modified :

2026-04-25T01:11:02.236Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2100 vulnerability.

Vendors Products
P11-kit Project
  • P11-kit
Redhat
  • Enterprise Linux
  • Hardened Images
  • Hummingbird
  • Openshift

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact