NULL dereference via C_DeriveKey with specific NULL parameters
Summary
NULL dereference via C_DeriveKey with specific NULL parameters. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-824. Affected package(s): p11-kit, insights-proxy/insights-proxy-container-rhel9:1780420428, rhui5/haproxy-rhel9:1779798164, costmanagement/costmanagement-metrics-rhel9-operator:1780946239, p11-kit-main, rhui5/rhua-rhel9:1779798222. Resolved in Red Hat advisory RHSA-2026:7065 — update the affected packages (`sudo dnf update`).
- p11-kit-0:0.26.2-1.el9
- insights-proxy/insights-proxy-container-rhel9:1780420428
- rhui5/haproxy-rhel9:1779798164
- p11-kit-0:0.26.2-1.el10
- costmanagement/costmanagement-metrics-rhel9-operator:1780946239
- p11-kit-main-0.26.2-1.1.hum1
- rhui5/rhua-rhel9:1779798222
- rhui5/cds-rhel9:1779798159
- rhui5/installer-rhel9:1779798165
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- RHSA-2026:7065
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:7065 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.