Bug 2104905 (CVE-2022-2097)
Summary: | CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | anazmy, asoldano, bbaranow, bdettelb, berrange, bmaxwell, bootloader-eng-team, brian.stansberry, caswilli, cdewolf, cfergeau, chazlett, cllang, crobinso, crypto-team, csutherl, darran.lofthouse, dbelyavs, ddepaula, dffrench, dhalasz, dkreling, dkuc, dosoudil, dueno, elima, epel-packagers-sig, erik-fedora, fjansen, fjuma, fmartine, gzaronik, iweiss, jary, jburrell, jclere, jferlan, jkoehler, jochrist, jwong, jwon, kaycoth, krathod, kraxel, kshier, ktietz, kyoshida, lgao, marcandre.lureau, michel, micjohns, mjg59, mmadzin, mosmerov, msochure, mspacek, msvehla, mturk, ngough, nwallace, pbonzini, peholase, philmd, pjindal, pjones, plodge, pmackay, redhat-bugzilla, rfreiman, rgodfrey, rharwood, rh-spice-bugs, rjones, rstancel, rsvoboda, sahana, smaestri, stcannon, sthirugn, szappis, tfister, tm, tohughes, tom.jenkinson, virt-maint, virt-maint, vkrizan, vkumar, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.1.1q, openssl 3.0.5 | Doc Type: | If docs needed, set a value |
Doc Text: |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly-optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was already present in memory that was not written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-09-03 10:55:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2104923, 2104924, 2104925, 2104926, 2105026, 2105027, 2105028, 2105029, 2105030, 2105032, 2105033, 2105034, 2105035, 2105036, 2105037, 2105279, 2105280 | ||
Bug Blocks: | 2104175 |
Description
Mauro Matteo Cascella
2022-07-07 12:52:43 UTC
Created edk2 tracking bugs for this issue:
Affects: fedora-all [bug 2105034]

Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 2105035]

Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 2105036]

Created openssl1.1 tracking bugs for this issue:
Affects: fedora-all [bug 2105037]

Created openssl11 tracking bugs for this issue:
Affects: epel-7 [bug 2105032]

Created openssl3 tracking bugs for this issue:
Affects: epel-8 [bug 2105033]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:5818 https://access.redhat.com/errata/RHSA-2022:5818

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-2097