From 6f87a552ab2ee83d4320406d9e2dc37b52a1c095 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi
Date: Mon, 6 Apr 2026 00:49:10 +1200
Subject: [PATCH] wolfssl: patch CVE-2026-4395
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395
Signed-off-by: Ankur Tyagi
Signed-off-by: Anuj Mittal
---
 .../wolfssl/files/CVE-2026-4395.patch | 31 +++++++++++++++++++
 .../wolfssl/wolfssl_5.8.0.bb | 1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch
new file mode 100644
index 0000000000..1289e169c4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch
@@ -0,0 +1,31 @@
+From 6a60f44e056f55f3cdc9d11384e5a5d5d0b1d628 Mon Sep 17 00:00:00 2001
+From: Kareem
+Date: Mon, 16 Mar 2026 15:34:18 -0700
+Subject: [PATCH] Check raw pubkey length in wc_ecc_import_x963 before copying
+ to it for KCAPI case.
+
+(cherry picked from commit ddc177b669cff9d3c7e1b51751f9df73062b872a)
+
+CVE: CVE-2026-4395
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/ddc177b669cff9d3c7e1b51751f9df73062b872a]
+Signed-off-by: Ankur Tyagi
+---
+ wolfcrypt/src/ecc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
+index 1fd30cfd9..dcef45a1c 100644
+--- a/wolfcrypt/src/ecc.c
++++ b/wolfcrypt/src/ecc.c
+@@ -10784,7 +10784,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
+ XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
+ }
+ #elif defined(WOLFSSL_KCAPI_ECC)
+- XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
++ if (inLen <= (word32)sizeof(key->pubkey_raw))
++ XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
++ else
++ err = BAD_FUNC_ARG;
+ #endif
+
+ if (err == MP_OKAY) {
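Review bot: The backported guard covers only the `WOLFSSL_KCAPI_ECC` branch of `wc_ecc_import_x963_ex`, while the context line just above it shows a second `XMEMCPY(key->pubkey_raw, (byte*)in, inLen)` in the preceding preprocessor branch whose enclosing condition lies outside the hunk; it is worth confirming on the 5.8.0 tree that this copy is also bounded by `sizeof(key->pubkey_raw)`. The new `if`/`else` is unbraced and uncommented although it is the entire fix; if the layer ever carries a local revision of this patch, a comment such as `/* inLen is caller-supplied: never copy more than pubkey_raw can hold */` would make the intent explicit, but for a verbatim upstream backport leaving the body untouched is reasonable. The hunk offsets (`-10784,7 +10784,10`) presumably come from the cherry-picked commit, so check that the patch applies to 5.8.0 without fuzz. The function begins and continues outside the hunk, so the error path taken after `err = BAD_FUNC_ARG` is not visible here.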
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
index 992591fb90..a700e8a820 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -36,6 +36,7 @@ SRC_URI = " \
 file://CVE-2026-3230.patch \
 file://CVE-2026-3547.patch \
 file://CVE-2026-4159.patch \
+ file://CVE-2026-4395.patch \
 "
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"