[meta-oe][langdale][PATCH] mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393


Armin Kuster
 

From: Stefan Ghinea <stefan.ghinea@...>

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393

Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Signed-off-by: Stefan Ghinea <stefan.ghinea@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit 2ab113e8be42ae2dd61babb8e9a1742684df1f59)
Signed-off-by: Armin Kuster <akuster808@...>
---
.../mbedtls/{mbedtls_2.28.1.bb => mbedtls_2.28.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.1.bb => mbedtls_2.28.2.bb} (97%)

diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
similarity index 97%
rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
index 742414dd8a..15bd7cf43d 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
@@ -23,7 +23,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SECTION = "libs"

S = "${WORKDIR}/git"
-SRCREV = "dd79db10014d85b26d11fe57218431f2e5ede6f2"
+SRCREV = "89f040a5c938985c5f30728baed21e49d0846a53"
SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"

inherit cmake
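Review bot: the only functional change is the SRCREV bump on the `-SRCREV`/`+SRCREV` lines, but nothing in the hunk or the message ties the new hash `89f040a5c938985c5f30728baed21e49d0846a53` to the v2.28.2 tag that the "Upstream patches" link names; please state in the commit message (or verify before merging) that this commit is the one the v2.28.2 tag resolves to on the `mbedtls-2.28` branch, since a wrong SRCREV would silently leave both CVEs unfixed while the recipe version claims 2.28.2. A smaller point: the unchanged `SRC_URI` line still fetches from `git://github.com/ARMmbed/mbedtls.git` while the referenced release lives under `github.com/Mbed-TLS/mbedtls`; this works only through GitHub's organisation redirect, so a follow-up updating the URL to the current organisation would be worthwhile.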
--
2.25.1