OpenSSL 3.1: use after free in AVX 512 codepath for AES-GCM #24135

botovq · 2024-04-14T11:39:17Z

Commit 143ca66 fixes a use after free that can be triggered on machines with AVX-512 support on releases prior to OpenSSL 3.2. It would be nice if that commit could be backported to the affected releases. At least OpenSSL 3.1 is affected.

Here is the diff we landed for our port of the 3.1 branch: https://marc.info/?l=openbsd-ports&m=171309272230379&w=2

The text was updated successfully, but these errors were encountered:

botovq added the issue: bug report The issue was opened to report a bug label Apr 14, 2024

nhorman added the triaged: bug The issue/pr is/fixes a bug label Apr 14, 2024

t8m added branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 severity: important Important bugs affecting a released version and removed issue: bug report The issue was opened to report a bug labels Apr 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenSSL 3.1: use after free in AVX 512 codepath for AES-GCM #24135

OpenSSL 3.1: use after free in AVX 512 codepath for AES-GCM #24135

botovq commented Apr 14, 2024

OpenSSL 3.1: use after free in AVX 512 codepath for AES-GCM #24135

OpenSSL 3.1: use after free in AVX 512 codepath for AES-GCM #24135

Comments

botovq commented Apr 14, 2024