Bug 2104905 (CVE-2022-2097)

Summary: CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: anazmy, asoldano, bbaranow, bdettelb, berrange, bmaxwell, bootloader-eng-team, brian.stansberry, caswilli, cdewolf, cfergeau, chazlett, cllang, crobinso, crypto-team, csutherl, darran.lofthouse, dbelyavs, ddepaula, dffrench, dhalasz, dkreling, dkuc, dosoudil, dueno, elima, epel-packagers-sig, erik-fedora, fjansen, fjuma, fmartine, gzaronik, iweiss, jary, jburrell, jclere, jferlan, jkoehler, jochrist, jwong, jwon, kaycoth, krathod, kraxel, kshier, ktietz, kyoshida, lgao, marcandre.lureau, michel, micjohns, mjg59, mmadzin, mosmerov, msochure, mspacek, msvehla, mturk, ngough, nwallace, pbonzini, peholase, philmd, pjindal, pjones, plodge, pmackay, redhat-bugzilla, rfreiman, rgodfrey, rharwood, rh-spice-bugs, rjones, rstancel, rsvoboda, sahana, smaestri, stcannon, sthirugn, szappis, tfister, tm, tohughes, tom.jenkinson, virt-maint, virt-maint, vkrizan, vkumar, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl 1.1.1q, openssl 3.0.5 Doc Type: If docs needed, set a value
Doc Text:
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-03 10:55:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2105280, 2104923, 2104924, 2104925, 2104926, 2105026, 2105027, 2105028, 2105029, 2105030, 2105032, 2105033, 2105034, 2105035, 2105036, 2105037, 2105279    
Bug Blocks: 2104175    

Description Mauro Matteo Cascella 2022-07-07 12:52:43 UTC
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed.

OpenSSL security advisory:
https://www.openssl.org/news/secadv/20220705.txt

Upstream fix:
https://github.com/openssl/openssl/commit/6ebf6d51596f51d23ccbc17930778d104a57d99c [master]
https://github.com/openssl/openssl/commit/919925673d6c9cfed3c1085497f5dfbbed5fc431 [1_1_1-stable]
https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93 [openssl-3.0]

Comment 3 Mauro Matteo Cascella 2022-07-07 18:22:53 UTC
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2105034]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 2105035]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2105036]


Created openssl1.1 tracking bugs for this issue:

Affects: fedora-all [bug 2105037]


Created openssl11 tracking bugs for this issue:

Affects: epel-7 [bug 2105032]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2105033]

Comment 8 errata-xmlrpc 2022-08-03 13:00:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5818 https://access.redhat.com/errata/RHSA-2022:5818

Comment 10 errata-xmlrpc 2022-08-30 16:02:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224

Comment 11 Product Security DevOps Team 2022-09-03 10:55:46 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2097