Bug 1202345 (CVE-2015-0290)

Summary: CVE-2015-0290 openssl: multiblock corrupted pointer
Product: [Other] Security Response
Reporter: Martin Prpič <mprpic>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: aavati, acathrow, alonbl, bazulay, bmcclain, cdewolf, cfergeau, dandread, darran.lofthouse, dblechte, dknox, ecohen, erik-fedora, gklein, idith, iheim, jason.greene, jawilson, jboss-set, jclere, jdoyle, ktietz, lfarkas, lgao, lsurette, marcandre.lureau, mehmetgelisin, michal.skrivanek, myarboro, nlevinki, pgier, pslavice, rbalakri, rfortier, rhs-bugs, rh-spice-bugs, rjones, rsvoboda, security-response-team, sgirijan, smohan, ssaha, tmraz, twalsh, vbellur, vtunka, weli, yeylon
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: openssl 1.0.2a
Doc Type: Bug Fix
Last Closed: 2015-03-18 03:43:00 UTC
Bug Blocks: 1202442    

Description Martin Prpič 2015-03-16 12:53:35 UTC
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64-bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking I/O. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However, if some other BIO is used, then it is likely that a segmentation fault will be triggered, thus enabling a potential denial of service attack.

This issue affects OpenSSL version 1.0.2, and is fixed in version 1.0.2a.


Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Danner and Rainer Mueller as the original reporters.
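
A triage check built from the conditions in the description above, added here as an example and not part of the original bug report or of OpenSSL: it classifies a host from its `openssl version` banner, machine type and Linux CPU flags. The function names and sample rows are constructed for illustration, and reporting pre-release builds as unknown is an assumption, since the report does not mention them.

```python
import re

# Conditions taken from the bug description: only the 1.0.2 release is affected,
# 1.0.2a is fixed, and "multiblock" applies only to 64-bit x86 with AES-NI.
BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-([A-Za-z0-9]+))?")

def parse_banner(banner):
    """Split `openssl version` output into ((major, minor, fix), letters, tag)."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4), m.group(5) or ""

def multiblock_platform(machine, cpu_flags):
    """True for 64-bit x86 whose Linux cpuinfo flags include 'aes' (AES-NI)."""
    return machine.lower() in ("x86_64", "amd64") and "aes" in cpu_flags.split()

def triage(banner, machine, cpu_flags):
    """Return 'affected', 'not_affected' or 'unknown' for CVE-2015-0290."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"              # not an OpenSSL banner we can read
    nums, letters, tag = parsed
    if nums != (1, 0, 2):
        return "not_affected"         # multiblock was introduced in 1.0.2, fixed in 1.0.2a
    if tag.startswith(("beta", "pre", "dev")):
        return "unknown"              # assumption: the report is silent on pre-releases
    if letters:
        return "not_affected"         # 1.0.2a and later letter releases carry the fix
    return "affected" if multiblock_platform(machine, cpu_flags) else "not_affected"

# Constructed sample inventory rows: (banner, machine, CPU flags).
SAMPLES = [
    ("OpenSSL 1.0.2 22 Jan 2015", "x86_64", "fpu sse2 aes avx"),
    ("OpenSSL 1.0.2 22 Jan 2015", "x86_64", "fpu sse2 avx"),
    ("OpenSSL 1.0.2a 19 Mar 2015", "x86_64", "fpu sse2 aes avx"),
    ("OpenSSL 1.0.1e-fips 11 Feb 2013", "x86_64", "fpu sse2 aes avx"),
    ("OpenSSL 1.0.2-beta3 25 Sep 2014", "x86_64", "fpu sse2 aes avx"),
]

if __name__ == "__main__":
    for banner, machine, flags in SAMPLES:
        print(f"{triage(banner, machine, flags):13} {banner} ({machine})")
```

Banner matching cannot see a fix that a distribution has backported without changing the version string, so an "affected" result is a prompt to check the vendor's own statement for that package.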

Comment 1 Huzaifa S. Sidhpurwala 2015-03-18 03:43:00 UTC

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Comment 2 Tomas Hoger 2015-03-18 14:05:34 UTC
Affected code was introduced upstream in 1.0.2 via: