OpenSSL 3.1: use after free in AVX 512 codepath for AES-GCM #24135
Labels
branch: 3.0
Merge to openssl-3.0 branch
branch: 3.1
Merge to openssl-3.1
severity: important
Important bugs affecting a released version
triaged: bug
The issue/pr is/fixes a bug
Commit 143ca66 fixes a use after free that can be triggered on machines with AVX-512 support on releases prior to OpenSSL 3.2. It would be nice if that commit could be backported to the affected releases. At least OpenSSL 3.1 is affected.
Here is the diff we landed for our port of the 3.1 branch: https://marc.info/?l=openbsd-ports&m=171309272230379&w=2
The text was updated successfully, but these errors were encountered: