CVE-2026-42014 PUBLISHED

Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin

Assigner: redhat
Reserved: 23.04.2026 Published: 16.06.2026 Updated: 16.06.2026

A flaw was found in GnuTLS. The gnutls_pkcs11_token_set_pin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVSS Score: 6.6

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected unaffected from 0:3.8.10-4.el10_2 to * (excl.)

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected unaffected from 0:3.6.16-8.el8_10.6 to * (excl.)

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected unaffected from 0:3.6.16-8.el8_10.6 to * (excl.)

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected unaffected from 0:3.8.10-4.el9_8 to * (excl.)

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected unaffected from 0:3.8.10-4.el9_8 to * (excl.)

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Hardened Images
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat OpenShift Container Platform 4
Versions	Default: affected

Credits

Red Hat would like to thank Joshua Rogers (AISLE Research Team) and Luigino Camastra for reporting this issue.

References

Problem Types

Expired Pointer Dereference CWE