mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-04 14:39:54 +00:00
Stefan Ghinea
2ab113e8be
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. References: https://nvd.nist.gov/vuln/detail/CVE-2022-46392 https://nvd.nist.gov/vuln/detail/CVE-2022-46393 Upstream patches: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Collection of layers for the OE-core universe Main layer maintainer: Khem Raj <raj.khem@gmail.com> This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories