CVE-2026-42014 | A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin… | CVSS 6.6 MEDIUM

Description

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Metadata

CVE ID: CVE-2026-42014
State: PUBLISHED
Assigner: redhat
Reserved: 2026-04-23 11:23 UTC
Published: 2026-06-16 00:49 UTC
Last updated: 2026-06-16 00:49 UTC
Primary CWE: CWE-825
Expired Pointer Dereference
Vendor / Product: Red Hat / Red Hat Enterprise Linux 10
Sources: cve.org · NVD

Severity & Metrics

6.6 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected products (9)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Enterprise Linux 10	—	0:3.8.10-4.el10_2 < *
Red Hat	Red Hat Enterprise Linux 6	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 8	—	0:3.6.16-8.el8_10.6 < *
Red Hat	Red Hat Enterprise Linux 8	—	0:3.6.16-8.el8_10.6 < *
Red Hat	Red Hat Enterprise Linux 9	—	0:3.8.10-4.el9_8 < *
Red Hat	Red Hat Enterprise Linux 9	—	0:3.8.10-4.el9_8 < *
Red Hat	Red Hat Hardened Images	—	—
Red Hat	Red Hat OpenShift Container Platform 4	—	—

Weakness (CWE)

CWE	Source	Description
CWE-825	cna	Expired Pointer Dereference

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.6	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References (7)

RHSA-2026:20611 https://access.redhat.com/errata/RHSA-2026:20611
RHSA-2026:20612 https://access.redhat.com/errata/RHSA-2026:20612
RHSA-2026:20613 https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/security/cve/CVE-2026-42014
RHBZ#2467451 https://bugzilla.redhat.com/show_bug.cgi?id=2467451
https://gitlab.com/gnutls/gnutls/-/issues/1766
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9