Public bug reported:
Impact
On Ubuntu 24.04, applications that trigger NSS/p11-kit PKCS#11 module loading
can crash with SIGSEGV inside OpenSC. This appears to be a memory-safety issue
in OpenSC (observed in sc_release_context) reached via opensc-pkcs11.so during
C_Initialize().
Affected packages / versions
Ubuntu: 24.04 (Noble)
opensc-pkcs11: 0.25.0~rc1-1ubuntu0.2
opensc: 0.25.0~rc1-1ubuntu0.2
p11-kit: 0.25.3-4ubuntu2.1
libnss3: 2:3.98-1ubuntu0.1
(For reference: Ubuntu 22.04 with opensc-pkcs11 0.22.0-1ubuntu2.1 does not
reproduce in our environment.)
Reproduction (high-level)
1. Ensure opensc-pkcs11 is installed and p11-kit module file exists:
   opensc-pkcs11.module contains module: opensc-pkcs11.so
2. Start an application that triggers NSS initialization (e.g. Chromium /
   QtWebEngine / NSS consumers) in an environment where FIPS/OpenSSL provider
   initialization occurs early.
3. NSS loads PKCS#11 modules via p11-kit, which loads opensc-pkcs11.so.
4. Process crashes with SIGSEGV.
Expected result
No crash when opensc-pkcs11.so is loaded/initialized via PKCS#11.
Actual result
SIGSEGV in OpenSC during initialization/cleanup path.
lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04.4 LTS
Release: 24.04
Backtrace
Stack trace of thread 39413:
#0 0x000076d56da7c219 sc_release_context (libopensc.so.11 + 0x27219)
#1 0x000076d56da7c6ea sc_context_create (libopensc.so.11 + 0x276ea)
#2 0x000076d56dc571f6 C_Initialize (onepin-opensc-pkcs11.so + 0x171f6)
#3 0x000076d575321e28 n/a (libnss3.so + 0x50e28)
#4 0x000076d575322dab n/a (libnss3.so + 0x51dab)
#5 0x000076d575329c05 SECMOD_LoadModule (libnss3.so + 0x58c05)
#6 0x000076d575329ff8 SECMOD_LoadModule (libnss3.so + 0x58ff8)
#7 0x000076d5752ef118 n/a (libnss3.so + 0x1e118)
#8 0x000076d5752ef447 n/a (libnss3.so + 0x1e447)
#9 0x000076d5752f36cd NSS_InitReadWrite (libnss3.so + 0x226cd)
#10 0x000076d57e0768ae n/a (libQt6WebEngineCore.so.6 + 0x4a768ae)
#11 0x000076d57e076eae n/a (libQt6WebEngineCore.so.6 + 0x4a76eae)
#12 0x000076d57da13b9a n/a (libQt6WebEngineCore.so.6 + 0x4413b9a)
** Affects: opensc (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2147395
Title:
opensc-pkcs11 (0.25.0~rc1-1ubuntu0.2) SIGSEGV in sc_release_context
during PKCS#11 C_Initialize via p11-kit/NSS (Ubuntu 24.04)
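
To check whether a module's C_Initialize path crashes on its own, outside NSS and QtWebEngine, the probe below loads a PKCS#11 module in a forked child, calls C_Initialize(NULL) and C_Finalize through C_GetFunctionList, and reports the signal if the child dies. It is an added example, not part of the bug report or of OpenSC: the function names are hypothetical, the module path is supplied by the caller, and it does not recreate the FIPS/OpenSSL provider environment the report mentions.

```python
import ctypes
import os
import signal
import sys

CKR_OK = 0  # PKCS#11 success return value
_CK_FN = ctypes.CFUNCTYPE(ctypes.c_ulong, ctypes.c_void_p)

class FunctionListHead(ctypes.Structure):
    """Leading members of CK_FUNCTION_LIST (Unix layout, native alignment)."""
    _fields_ = [("version", ctypes.c_ubyte * 2),
                ("C_Initialize", _CK_FN),
                ("C_Finalize", _CK_FN)]

def init_module(path):
    """Child-side work: load the module, then C_Initialize / C_Finalize."""
    try:
        get_list = ctypes.CDLL(path).C_GetFunctionList
    except (OSError, AttributeError):
        return 2  # not loadable, or not a PKCS#11 module
    get_list.restype = ctypes.c_ulong
    get_list.argtypes = [ctypes.POINTER(ctypes.POINTER(FunctionListHead))]
    flist = ctypes.POINTER(FunctionListHead)()
    if get_list(ctypes.byref(flist)) != CKR_OK or not flist:
        return 2
    if flist.contents.C_Initialize(None) != CKR_OK:
        return 1  # module refused to initialize, but did not crash
    flist.contents.C_Finalize(None)
    return 0

def run_isolated(fn):
    """Run fn in a forked child so a SIGSEGV cannot take down the caller."""
    pid = os.fork()
    if pid == 0:
        code = 3
        try:
            code = fn()
        finally:
            os._exit(code if isinstance(code, int) else 3)
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):
        return ("crashed", signal.Signals(os.WTERMSIG(status)).name)
    names = {0: "ok", 1: "init-error", 2: "load-failed"}
    return (names.get(os.WEXITSTATUS(status), "probe-error"), None)

def probe_module(path):
    return run_isolated(lambda: init_module(path))

if __name__ == "__main__":
    print(probe_module(sys.argv[1]))  # argument: full path to the .so to test
```

Running it against both opensc-pkcs11.so and the onepin-opensc-pkcs11.so that appears in frame #2 of the backtrace shows whether either module crashes without NSS in the process.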