From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: CVE-2024-8443
2. Release Date: September 4, 2024
3. Last Modified Date: September 10, 2024
4. Severity: Low
5. Description: A heap overflow vulnerability exists in the libopensc OpenPGP driver. Malicious USB devices or smart cards may trigger arbitrary code execution during APDU response when using the pkcs15-init tool.
6. Statement: Classified as low severity due to the requirement for physical access and high complexity.
7. Additional Information:
   - Bugzilla ID: 2310494
   - CWE ID: 122
   - FAQ: Frequently Asked Questions about CVE-2024-8443
8. Affected Packages and Red Hat Security Patches:
   - Red Hat Enterprise Linux 7
   - Red Hat Enterprise Linux 8
   - Red Hat Enterprise Linux 9
   - All versions of the packages are considered affected unless explicitly marked as unaffected.
9. CVSS v3 Score:
   - CVSS v3 Base Score: 3.4
   - Attack Vector: Physical
   - Attack Complexity: High
   - Privileges Required: None
   - User Interaction: Required
   - Scope: Changed
   - Confidentiality Impact: Low
   - Integrity Impact: Low
   - Availability Impact: None
10. FAQs:
   - Why does Red Hat’s CVSS v3 score or impact differ from other vendors?
   - If a product is listed as “under investigation” or “affected,” when will Red Hat release a fix?
   - If my product is listed as “not fixed,” what should I do?
   - What are mitigations?
   - I have a Red Hat product, but it’s not listed above—am I affected?
   - Why does my security scanner report my product is affected by this vulnerability, even though my product version is patched or unaffected?

This information provides a detailed description of the vulnerability, its scope of impact, and recommended security measures.