CVE-2023-6129

Publication date 9 January 2024

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

Read the notes from the security team

Why is this CVE low priority?

Considered low severity by upstream OpenSSL project

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
edk2 24.10 oracular
Vulnerable
24.04 LTS noble
Vulnerable
23.10 mantic
Not affected
23.04 lunar
Not affected
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Ignored end of standard support
nodejs 24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic
Not affected
23.04 lunar
Not affected
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Not affected
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Not affected
openssl 24.10 oracular
Fixed 3.0.10-1ubuntu4
24.04 LTS noble
Fixed 3.0.10-1ubuntu4
23.10 mantic
Fixed 3.0.10-1ubuntu2.2
23.04 lunar Ignored end of life, was needed
22.04 LTS jammy
Fixed 3.0.2-0ubuntu1.14
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected
openssl1.0 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Notes


mdeslaur

only affects 3.x only affects ppc64el

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
openssl

Severity score breakdown

Parameter Value
Base score 6.5 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-6622-1
    • OpenSSL vulnerabilities
    • 5 February 2024

Other references