CVE-2022-45146 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-45146 Interim 1 7 2025-02-16T02:49:59Z current 2022-11-23T00:42:46Z 2025-02-16T02:49:59Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-45146 An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 7 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Server Business Critical Linux 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Retail Branch Server 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Server 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 bouncycastle bouncycastle-pg bouncycastle-pkix bouncycastle-util bouncycastle as a component of SUSE Enterprise Storage 7 bouncycastle as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS bouncycastle-pg as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS bouncycastle-pkix as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS bouncycastle-util as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS bouncycastle as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS bouncycastle-pg as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS bouncycastle-pkix as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS bouncycastle-util as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS bouncycastle as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 bouncycastle-pg as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 bouncycastle-pkix as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 bouncycastle-util as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 bouncycastle as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 bouncycastle-pg as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 bouncycastle-pkix as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 bouncycastle-util as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 bouncycastle as a component of SUSE Linux Enterprise Server 15 SP2-LTSS bouncycastle-pg as a component of SUSE Linux Enterprise Server 15 SP2-LTSS bouncycastle-pkix as a component of SUSE Linux Enterprise Server 15 SP2-LTSS bouncycastle-util as a component of SUSE Linux Enterprise Server 15 SP2-LTSS bouncycastle as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP2 bouncycastle as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 bouncycastle-pg as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 bouncycastle-pkix as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 bouncycastle-util as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 bouncycastle as a component of SUSE Manager Proxy 4.1 bouncycastle as a component of SUSE Manager Retail Branch Server 4.1 bouncycastle as a component of SUSE Manager Server 4.1 An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. CVE-2022-45146 SUSE Enterprise Storage 7:bouncycastle SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:bouncycastle SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:bouncycastle-pg SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:bouncycastle-pkix SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:bouncycastle-util SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pg SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pkix SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-util SUSE Linux Enterprise Module for Development Tools 15 SP3:bouncycastle SUSE Linux Enterprise Module for Development Tools 15 SP3:bouncycastle-pg SUSE Linux Enterprise Module for Development Tools 15 SP3:bouncycastle-pkix SUSE Linux Enterprise Module for Development Tools 15 SP3:bouncycastle-util SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pg SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pkix SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-util SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pg SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pkix SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-util SUSE Linux Enterprise Server Business Critical Linux 15 SP2:bouncycastle SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pg SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pkix SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-util SUSE Manager Proxy 4.1:bouncycastle SUSE Manager Retail Branch Server 4.1:bouncycastle SUSE Manager Server 4.1:bouncycastle moderate 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L