new file mode 100644
@@ -0,0 +1,67 @@
+From 5e4f26b510b04624386c54816bf26aacea0fe4a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Thu, 11 Jul 2024 14:58:25 +0200
+Subject: [PATCH] cac: Fix uninitialized values
+
+Thanks Matteo Marini for report
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
+
+fuzz_card/1,fuzz_pkcs11/6
+CVE: CVE-2024-45615
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-cac.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
+index 1d1b616c8..4c3bc89bd 100644
+--- a/src/libopensc/card-cac.c
++++ b/src/libopensc/card-cac.c
+@@ -255,7 +255,7 @@ static int cac_apdu_io(sc_card_t *card, int ins, int p1, int p2,
+ size_t * recvbuflen)
+ {
+ int r;
+- sc_apdu_t apdu;
++ sc_apdu_t apdu = {0};
+ u8 rbufinitbuf[CAC_MAX_SIZE];
+ u8 *rbuf;
+ size_t rbuflen;
+@@ -392,13 +392,13 @@ fail:
+ static int cac_read_file(sc_card_t *card, int file_type, u8 **out_buf, size_t *out_len)
+ {
+ u8 params[2];
+- u8 count[2];
++ u8 count[2] = {0};
+ u8 *out = NULL;
+- u8 *out_ptr;
++ u8 *out_ptr = NULL;
+ size_t offset = 0;
+ size_t size = 0;
+ size_t left = 0;
+- size_t len;
++ size_t len = 0;
+ int r;
+
+ params[0] = file_type;
+@@ -461,7 +461,7 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx,
+ const u8 *tl_ptr, *val_ptr, *tl_start;
+ u8 *tlv_ptr;
+ const u8 *cert_ptr;
+- size_t tl_len, val_len, tlv_len;
++ size_t tl_len = 0, val_len = 0, tlv_len;
+ size_t len, tl_head_len, cert_len;
+ u8 cert_type, tag;
+
+@@ -1528,7 +1528,7 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl
+ static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
+ {
+ u8 *tl = NULL, *val = NULL;
+- size_t tl_len, val_len;
++ size_t tl_len = 0, val_len = 0;
+ int r;
+
+ if (depth > CAC_MAX_CCC_DEPTH) {
+--
+2.34.1
new file mode 100644
@@ -0,0 +1,36 @@
+From 7d68a7f442e38e16625270a0fdc6942c9e9437e6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Tue, 16 Jul 2024 15:51:51 +0200
+Subject: [PATCH] card-piv: Initialize variables for tag and CLA
+
+In case they are not later initialize later by
+sc_asn1_read_tag() function.
+
+Thanks Matteo Marini for report
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
+
+fuzz_pkcs11/21
+
+CVE: CVE-2024-45615
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-piv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
+index 6bf740221..0f07b2529 100644
+--- a/src/libopensc/card-piv.c
++++ b/src/libopensc/card-piv.c
+@@ -2241,7 +2241,7 @@ static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
+ const u8 *p;
+ size_t out_len = 0;
+ int r;
+- unsigned int tag, cla;
++ unsigned int tag = 0, cla = 0;
+ piv_private_data_t * priv = PIV_DATA(card);
+
+ LOG_FUNC_CALLED(card->ctx);
+--
+2.34.1
new file mode 100644
@@ -0,0 +1,35 @@
+From bb3dedb71e59bd17f96fd4e807250a5cf2253cb7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Fri, 12 Jul 2024 14:35:47 +0200
+Subject: [PATCH] pkcs15-cert.c: Initialize OID length
+
+In case it is not set later.
+
+Thanks Matteo Marini for report
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
+
+fuzz_pkcs11/7
+
+CVE: CVE-2024-45615
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/pkcs15-cert.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
+index 1777a85835..5e2dbb89d0 100644
+--- a/src/libopensc/pkcs15-cert.c
++++ b/src/libopensc/pkcs15-cert.c
+@@ -169,7 +169,7 @@ sc_pkcs15_get_name_from_dn(struct sc_context *ctx, const u8 *dn, size_t dn_len,
+ for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) {
+ const u8 *ava, *dummy, *oidp;
+ struct sc_object_id oid;
+- size_t ava_len, dummy_len, oid_len;
++ size_t ava_len = 0, dummy_len, oid_len = 0;
+
+ /* unwrap the set and point to the next ava */
+ ava = sc_asn1_skip_tag(ctx, &next_ava, &next_ava_len, SC_ASN1_TAG_SET | SC_ASN1_CONS, &ava_len);
+--
+2.34.1
new file mode 100644
@@ -0,0 +1,36 @@
+From 42d718dfccd2a10f6d26705b8c991815c855fa3b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Tue, 16 Jul 2024 16:32:45 +0200
+Subject: [PATCH] pkcs15-sc-hsm: Initialize variables for tag and CLA
+
+In case they are not later initialize later by
+sc_asn1_read_tag() function.
+
+Thanks Matteo Marini for report
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
+
+fuzz_pkcs15_crypt/12
+
+CVE: CVE-2024-45615
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/pkcs15-sc-hsm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
+index 315cd74482..acdbee7054 100644
+--- a/src/libopensc/pkcs15-sc-hsm.c
++++ b/src/libopensc/pkcs15-sc-hsm.c
+@@ -277,7 +277,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pkcs15_card_t * p15card,
+ struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE];
+ struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE];
+ struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE];
+- unsigned int cla,tag;
++ unsigned int cla = 0, tag = 0;
+ size_t taglen;
+ size_t lenchr = sizeof(cvc->chr);
+ size_t lencar = sizeof(cvc->car);
+--
+2.34.1
new file mode 100644
@@ -0,0 +1,34 @@
+From bde991b0fe4f0250243b0e4960978b1043c13b03 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 20 May 2024 21:31:38 +0200
+Subject: [PATCH] pkcs15init: Avoid using uninitialized memory
+
+Thanks Matteo Marini for report
+
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-45615
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/pkcs15init/profile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
+index 74fbdcec1..16c2ddfea 100644
+--- a/src/pkcs15init/profile.c
++++ b/src/pkcs15init/profile.c
+@@ -1807,7 +1807,7 @@ do_pin_storedlength(struct state *cur, int argc, char **argv)
+ static int
+ do_pin_flags(struct state *cur, int argc, char **argv)
+ {
+- unsigned int flags;
++ unsigned int flags = 0;
+ int i, r;
+
+ if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
+--
+2.34.1
@@ -26,6 +26,11 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
file://CVE-2024-1454.patch \
file://CVE-2024-8443-0001.patch \
file://CVE-2024-8443-0002.patch \
+ file://CVE-2024-45615-0001.patch \
+ file://CVE-2024-45615-0002.patch \
+ file://CVE-2024-45615-0003.patch \
+ file://CVE-2024-45615-0004.patch \
+ file://CVE-2024-45615-0005.patch \
"
# CVE-2021-34193 is a duplicate CVE covering the 5 individual