Bug 2257571 (CVE-2023-6129) - CVE-2023-6129 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC
Summary: CVE-2023-6129 openssl: POLY1305 MAC implementation corrupts vector registers ...
Keywords:
Status: NEW
Alias: CVE-2023-6129
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2257573 2257574 2257575 2257576 2275460 2275461
Blocks: 2257577 2275454
TreeView+ depends on / blocked
 
Reported: 2024-01-10 05:01 UTC by TEJ RATHI
Modified: 2025-05-16 08:27 UTC (History)
39 users (show)

Fixed In Version: OpenSSL 3.0, OpenSSL 3.1, OpenSSL 3.2
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2447 0 None None None 2024-04-30 10:52:21 UTC
Red Hat Product Errata RHSA-2024:9088 0 None None None 2024-11-12 08:41:40 UTC

Description TEJ RATHI 2024-01-10 05:01:06 UTC
The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.

OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0 are vulnerable to this issue. 
The FIPS provider is not affected because the POLY1305 MAC algorithm is not FIPS approved and the FIPS provider does not implement it.

OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.

http://www.openwall.com/lists/oss-security/2024/01/09/1
https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04
https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015
https://www.openssl.org/news/secadv/20240109.txt

Comment 1 TEJ RATHI 2024-01-10 05:40:44 UTC
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2257574]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 2257575]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2257576]


Created openssl3 tracking bugs for this issue:

Affects: epel-all [bug 2257573]

Comment 5 Mauro Matteo Cascella 2024-04-17 09:28:03 UTC
Created mysql8.0 tracking bugs for this issue:

Affects: fedora-all [bug 2275461]

Comment 7 errata-xmlrpc 2024-04-30 10:52:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447

Comment 9 errata-xmlrpc 2024-11-12 08:41:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9088 https://access.redhat.com/errata/RHSA-2024:9088


Note You need to log in before you can comment on or make changes to this bug.