Bug 2261598 (CVE-2024-23170, CVE-2024-23775)

Summary: CVE-2024-23775 CVE-2024-23170 mbedtls: multiple vulnerabilities
Product: [Other] Security Response
Reporter: Patrick Del Bello <pdelbell>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
Keywords: Security
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2261599, 2261600
Bug Blocks:

Description Patrick Del Bello 2024-01-29 21:53:05 UTC
CVE-2024-23170 Timing side channel in private key RSA operations.

Mbed TLS is vulnerable to a timing side channel in private key RSA operations. This side channel could be sufficient for an attacker to recover the plaintext. A local attacker or a remote attacker who is close to the victim on the network might have precise enough timing measurements to exploit this. It requires the attacker to send a large number of messages for decryption.

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/

CVE-2024-23775 Buffer overflow in mbedtls_x509_set_extension().

When writing x509 extensions we failed to validate inputs passed in to mbedtls_x509_set_extension(), which could result in an integer overflow, causing a zero-length buffer to be allocated to hold the extension. The extension would then be copied into the buffer, causing a heap buffer overflow.

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/


Resolution: update net-libs/mbedtls to 2.28.7 and 3.5.2.

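The length arithmetic behind CVE-2024-23775, shown as an added example that is not part of this bug report and not mbedtls's code: the struct, the function names and the 4-byte sample extension value are made up for illustration. The pattern the advisory describes is an allocation sized as "value length plus one byte for the critical flag" without first checking that the addition cannot wrap; with val_len equal to SIZE_MAX the request becomes 0, the allocator hands back a zero-length buffer, and the following memcpy writes past it. The hardened setter rejects such a length before computing the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the node an X.509 extension value is stored in
 * (not mbedtls's mbedtls_asn1_named_data). Layout of p:
 * [critical flag][extension value bytes]. */
typedef struct {
    unsigned char *p;
    size_t len;
} ext_val_t;

/* The size request the unchecked pattern makes: one byte for the critical
 * flag plus the value. For val_len == SIZE_MAX the addition wraps to 0, so
 * the allocator returns a zero-length buffer that the copy then overruns.
 * This function only computes the size; it deliberately allocates nothing. */
size_t unchecked_alloc_len(size_t val_len)
{
    return val_len + 1;   /* wraps to 0 when val_len == SIZE_MAX */
}

/* Hardened setter: validate val_len before any size arithmetic. */
int set_extension_checked(ext_val_t *out, int critical,
                          const unsigned char *val, size_t val_len)
{
    /* Reject every length for which val_len + 1 would wrap (the kind of
     * input check the advisory says was missing). */
    if (val_len > SIZE_MAX - 1) {
        return -1;
    }
    size_t alloc_len = val_len + 1;            /* >= 1 here */
    unsigned char *p = calloc(1, alloc_len);
    if (p == NULL) {
        return -2;
    }
    p[0] = (unsigned char) critical;           /* flag byte first */
    memcpy(p + 1, val, val_len);               /* then the value */
    out->p = p;
    out->len = alloc_len;
    return 0;
}

void ext_free(ext_val_t *e)
{
    free(e->p);
    e->p = NULL;
    e->len = 0;
}

/* Constructed sample input: a 4-byte extension value marked critical.
 * Returns 0 when the stored buffer has the expected layout. */
int demo(void)
{
    static const unsigned char sample[] = { 0x30, 0x02, 0x01, 0x01 };
    ext_val_t e;
    int rc = set_extension_checked(&e, 1, sample, sizeof sample);
    if (rc != 0) {
        return rc;
    }
    int ok = (e.len == 5 && e.p[0] == 1 && memcmp(e.p + 1, sample, 4) == 0);
    ext_free(&e);
    return ok ? 0 : -3;
}
```

The check is placed on the caller-supplied length rather than on the computed size because once the addition has wrapped there is nothing left to compare against; the same rule applies to any "header bytes plus payload" allocation in a DER writer.
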
Comment 1 Patrick Del Bello 2024-01-29 21:53:22 UTC
Created mbedtls tracking bugs for this issue:

Affects: epel-all [bug 2261599]
Affects: fedora-all [bug 2261600]