new file mode 100644
@@ -0,0 +1,42 @@
+From 8632ec172beda894581d67eaa991e519a7874f7d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Wed, 17 Jul 2024 11:18:52 +0200
+Subject: [PATCH] pkcs15-tcos: Check return value of serial num conversion
+
+Thanks Matteo Marini for report
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
+
+fuzz_pkcs15_encode/21
+
+CVE: CVE-2024-45618
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/pkcs15-tcos.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
+index a78b9aee5..9f44de6e5 100644
+--- a/src/libopensc/pkcs15-tcos.c
++++ b/src/libopensc/pkcs15-tcos.c
+@@ -530,10 +530,15 @@ int sc_pkcs15emu_tcos_init_ex(
+ /* get the card serial number */
+ r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serialnr);
+ if (r < 0) {
+- sc_log(ctx, "unable to get ICCSN\n");
++ sc_log(ctx, "unable to get ICCSN");
+ return SC_ERROR_WRONG_CARD;
+ }
+- sc_bin_to_hex(serialnr.value, serialnr.len , serial, sizeof(serial), 0);
++ r = sc_bin_to_hex(serialnr.value, serialnr.len, serial, sizeof(serial), 0);
++ if (r != SC_SUCCESS) {
++ sc_log(ctx, "serial number invalid");
++ return SC_ERROR_INTERNAL;
++ }
++
+ serial[19] = '\0';
+ set_string(&p15card->tokeninfo->serial_number, serial);
+
+--
+2.34.1
new file mode 100644
@@ -0,0 +1,42 @@
+From f9d68660f032ad4d7803431d5fc7577ea8792ac3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Wed, 17 Jul 2024 14:56:22 +0200
+Subject: [PATCH] pkcs15-lib: Report transport key error
+
+Thanks Matteo Marini for report
+https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
+
+fuzz_pkcs15init/17, fuzz_pkcs15init/18
+
+CVE: CVE-2024-45618
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/pkcs15init/pkcs15-lib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
+index f297a5f48..f4cbaa694 100644
+--- a/src/pkcs15init/pkcs15-lib.c
++++ b/src/pkcs15init/pkcs15-lib.c
+@@ -3767,13 +3767,15 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
+ if (callbacks.get_key) {
+ rv = callbacks.get_key(profile, type, reference, defbuf, defsize, pinbuf, pinsize);
+ LOG_TEST_RET(ctx, rv, "Cannot get key");
+- }
+- else if (rv >= 0) {
++ } else if (rv >= 0) {
+ if (*pinsize < defsize)
+ LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Get transport key error");
+
+ memcpy(pinbuf, data.key_data, data.len);
+ *pinsize = data.len;
++ } else {
++ /* pinbuf and pinsize were not filled */
++ LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Get transport key error");
+ }
+
+ memset(&auth_info, 0, sizeof(auth_info));
+--
+2.34.1
@@ -44,6 +44,8 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
file://CVE-2024-45617-0001.patch \
file://CVE-2024-45617-0002.patch \
file://CVE-2024-45617-0003.patch \
+ file://CVE-2024-45618-0001.patch \
+ file://CVE-2024-45618-0002.patch \
"
# CVE-2021-34193 is a duplicate CVE covering the 5 individual