Bug 2369388 (CVE-2025-5372)

Summary: CVE-2025-5372 libssh: Incorrect Return Code Handling in ssh_kdf() in libssh
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: adudiak, kshier, omaciel, security-response-team, stcannon, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, whereas libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
Bug Depends On: 2376282, 2376277, 2376278, 2376279, 2376280, 2376281    
Bug Blocks:    
Deadline: 2025-06-24   

Description OSIDB Bzimport 2025-05-30 11:36:30 UTC
Incorrect Success Return vulnerability in the ssh_kdf() function of libssh when built with OpenSSL versions prior to 3.0. This issue arises because libssh interprets OpenSSL's return value 0 (indicating failure) as SSH_OK (indicating success). As a result, on failure, the function may return success without initializing the output key buffers. This can lead to the use of uninitialized cryptographic keys, affecting the encryption and decryption of SSH traffic. The vulnerability allows an attacker to exploit improper key handling, potentially resulting in data leakage, integrity issues, or denial of service during SSH communication.
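
The return-code mismatch described in this report, shown as an added illustration; this is not libssh or OpenSSL source code. All names (`mock_openssl_derive`, `kdf_flawed`, `kdf_checked`, `EX_OK`, `EX_ERROR`) are hypothetical, and the flawed check shown is one assumed way a 0 failure code can end up reported as success.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* libssh-style convention: 0 = success, negative = error (hypothetical names). */
#define EX_OK     0
#define EX_ERROR -1

/* Stand-in for a primitive using the OpenSSL convention: returns 1 on
 * success, 0 on failure, and leaves `out` untouched when it fails. */
static int mock_openssl_derive(unsigned char *out, size_t len, int force_fail)
{
    if (force_fail)
        return 0;
    memset(out, 0x5a, len);   /* constructed "key material" */
    return 1;
}

/* Flawed translation: only negative values are treated as errors, so the
 * 0 failure code falls through and is reported as EX_OK. */
int kdf_flawed(unsigned char *out, size_t len, int force_fail)
{
    int rc = mock_openssl_derive(out, len, force_fail);
    if (rc < 0)
        return EX_ERROR;
    return EX_OK;
}

/* Corrected translation: anything other than 1 is a failure, and the output
 * buffer is cleared so stale bytes can never be used as a key. */
int kdf_checked(unsigned char *out, size_t len, int force_fail)
{
    int rc = mock_openssl_derive(out, len, force_fail);
    if (rc != 1) {
        memset(out, 0, len);
        return EX_ERROR;
    }
    return EX_OK;
}

int main(void)
{
    unsigned char key[16];
    memset(key, 0xaa, sizeof key);  /* stands in for uninitialized memory */
    int rc = kdf_flawed(key, sizeof key, 1);
    printf("flawed  on failure: rc=%d key[0]=0x%02x\n", rc, key[0]);
    rc = kdf_checked(key, sizeof key, 1);
    printf("checked on failure: rc=%d key[0]=0x%02x\n", rc, key[0]);
    return 0;
}
```

With the flawed wrapper, a caller that tests only for `EX_OK` proceeds with whatever bytes were already in the key buffer.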