CVE-2026-2100
NULL Dereference in p11-kit C_DeriveKey Causes DoS
Publication date: 2026-03-26
Last updated on: 2026-04-25
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | hardened_images | * |
| p11-kit_project | p11-kit | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in p11-kit is a NULL pointer dereference triggered when the C_DeriveKey function is called on a remote token with the IBM kyber or IBM btc derive mechanism parameters set to NULL.
The root cause is that variables named "data" in the source code are declared but never initialized on this code path, so the RPC client attempts to return uninitialized values; using those values leads to a NULL pointer dereference or other undefined behavior.
An attacker who can reach the remote token interface can trigger the flaw by calling the function with crafted parameters, crashing the application or leaving it in an unpredictable state.
How can this vulnerability impact me?
Exploitation of this vulnerability may cause an application-level denial of service (DoS) by triggering a NULL pointer dereference or other unpredictable system states.
This means that affected applications using p11-kit could crash or become unstable when processing certain remote calls, potentially disrupting services or operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a NULL dereference triggered by specific calls to the C_DeriveKey function in p11-kit with certain IBM kyber or IBM btc derive mechanism parameters set to NULL.
Detection would involve monitoring or analyzing calls to the C_DeriveKey function on remote tokens, especially those using the IBM kyber or IBM btc derive mechanisms.
Since the issue is related to uninitialized variables causing NULL dereferences, one approach is to check for crashes or application-level denial of service events related to p11-kit.
No specific commands or network detection signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Any Linux system running a vulnerable version of p11-kit is affected.
Immediate mitigation steps include updating p11-kit to a patched version where this NULL dereference issue is fixed.
If an update is not immediately available, consider restricting or monitoring remote calls to the C_DeriveKey function, especially those using IBM kyber or IBM btc derive mechanisms with NULL parameters.
Additionally, monitoring for application crashes or denial of service symptoms related to p11-kit can help in early detection and response.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.