Kunpeng BoostKit 21.0.0.SPC2
KMC Vulnerability
Trouble Ticket No. |
DTS: DTS2022071306985 Vulnerability ID: HWPSIRT-2022-32170 |
|---|---|
Symptom |
The KMC streaming encryption and decryption interfaces, including SdpEncryptUpdate, SdpEncryptUpdateEx, SdpDecryptUpdate, SdpDecryptUpdateEx, SdpEncryptFinal, SdpEncryptFinalEx, SdpDecryptFinal, and SdpDecryptFinalEx, have incorrect input parameters. As a result, integer rollover occurs and further memory problems occur in the underlying cryptography library. |
Severity |
Minor |
Root Cause |
The KMC component has the HWPSIRT-2022-32170 vulnerability. |
Solution |
Use the KMC component in which this vulnerability has been fixed. |
Impact |
None |
Test Suggestion |
Obtain the tag of the KMC used for version build and compare it with the vulnerability fix list of the tag. If the list contains the HWPSIRT-2022-32170 vulnerability, the vulnerability has been fixed. |