CVE-2023-6129

Published: 9 January 2024

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

Notes

Author	Note
	Priority reason: Considered low severity by upstream OpenSSL project
mdeslaur	only affects 3.x only affects ppc64el

Priority

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package	Release	Status
edk2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (3.x only)
	focal	Not vulnerable (3.x only)
	jammy	Not vulnerable (3.x only)
	lunar	Not vulnerable (3.x only)
	mantic	Not vulnerable (3.x only)
	noble	Needed
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Not vulnerable (3.x only)
nodejs Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Not vulnerable (uses system openssl)
	jammy	Needed
	lunar	Not vulnerable (uses system openssl)
	mantic	Not vulnerable (uses system openssl)
	noble	Not vulnerable (uses system openssl)
	trusty	Not vulnerable (uses system openssl)
	upstream	Needs triage
	xenial	Needs triage
openssl Launchpad, Ubuntu, Debian	bionic	Not vulnerable (3.x only)
	focal	Not vulnerable (3.x only)
	jammy	Released (3.0.2-0ubuntu1.14)
	lunar	Ignored (end of life, was needed)
	mantic	Released (3.0.10-1ubuntu2.2)
	noble	Released (3.0.10-1ubuntu4)
	trusty	Not vulnerable (3.x only)
	upstream	Released (3.0.13)
	xenial	Not vulnerable (3.x only)
	Patches: upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=050d26383d4e264966fb83428e72d5d48f402d35
openssl1.0 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (3.x only)
	focal	Does not exist
	jammy	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	noble	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	Low
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›