From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: CVE-2024-45618
2. Release Date: September 2, 2024
3. Last Modified Date: September 3, 2024
4. Severity: Low
5. Description: A vulnerability has been discovered in the pkcs15-init component of OpenSC. An attacker can use a specially crafted USB device or smart card to send a specially constructed APDU response to the system. When the buffer is partially filled with data, the initialization portion of the buffer can be incorrectly accessed.
6. Additional Information:
   - Bugzilla ID: 2309287
   - CWE ID: 457
   - FAQ: Frequently Asked Questions about CVE-2024-45618
7. Affected Packages and Red Hat Security Patches:
   - Red Hat Enterprise Linux 7
   - Red Hat Enterprise Linux 8
   - Red Hat Enterprise Linux 9
   - The fix status for all these packages is “Fix deferred”
8. CVSS Score:
   - CVSS v3 Base Score: 3.9
   - CVSS v3 Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
9. Acknowledgment: Thanks to Matteo Marini (University of Rome) for reporting this issue.
10. FAQs:
    - Why does Red Hat’s CVSS v3 score or impact differ from other vendors?
    - My product is listed as “under investigation” or “affected”—when will Red Hat release a fix?
    - If my product is listed as “not fixed,” what should I do?
    - What are mitigations?
    - I have a Red Hat product, but it’s not listed above—am I affected?
    - Why does my security scanner report that my product is affected by this vulnerability, even though my product version is already patched or not affected?

This information provides a detailed description of the vulnerability, affected software packages, CVSS scoring, acknowledgments, and frequently asked questions.