Bug 1193979 (CVE-2021-45450) - VUL-1: CVE-2021-45450: mbedtls: policy bypass/oracle-based decryption in psa_cipher_generate_iv and psa_cipher_encrypt
Summary: VUL-1: CVE-2021-45450: mbedtls: policy bypass/oracle-based decryption in psa_...
Status: RESOLVED FIXED
Alias: CVE-2021-45450
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem (show other bugs)
Version: Leap 15.3
Hardware: Other Other
: P4 - Low : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/318522/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-22 06:58 UTC by Alexander Bergmann
Modified: 2022-05-25 12:32 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2021-12-22 06:58:21 UTC 
CVE-2021-45450

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and
psa_cipher_encrypt allow policy bypass or oracle-based decryption when the
output buffer is at memory locations accessible to an untrusted application.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45450
https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45450
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
http://www.cvedetails.com/cve/CVE-2021-45450/
Comment 1 Pedro Monreal Gonzalez 2022-01-13 17:31:46 UTC 
Submission update to 2.28.0 in Factory:
  * https://build.opensuse.org/request/show/946138
Comment 2 Petr Gajdos 2022-05-25 12:29:23 UTC 
As far as I can see, b12/mbedtls and b15sp3/mbedtls are not affected as they do not contain psa_* code was added later. b15sp4/mbedtls and TW/mbedtls were fixed by a version update.
Comment 3 Petr Gajdos 2022-05-25 12:32:34 UTC 
s;code was;code, which was;