Attackers could possibly execute their own code on vulnerable servers with OpenSSL. Updated software versions close the gaps.
Vulnerabilities in the OpenSSL encryption suite may allow attackers to inject and execute arbitrary code. The OpenSSL developers have released new software versions that fix this and another vulnerability.
Code smuggling possible
The more serious vulnerability affects OpenSSL 3.0.4, which was released on June 21st. According to their own description, the developers have incorporated a serious error into this, which affects the RSA implementation on processors that support the AVX-512 IFMA instruction set extension. The implementation with 2048-bit private keys is incorrect and a memory error occurs during the calculation. As a result, an attacker could inject and execute code from the Internet (CVE-2022-2274, no CVSS score yet, risk “high“).
They are only servers affected with the AVX-512 IFMA instruction set extension, but these are actually all current ones: the Intel generations Canon Lake, Ice Lake, Rocket Lake, Tiger Lake and the current CPUs of the Alder Lake series; Centaur CNS Core and finally AMD’s Zen4 architecture. Guido Vranken analyzes some of the background in his blog – he would rate the vulnerability as worse than Heartbleed, only the side conditions limit this: Most are still using OpenSSL 1.1.1, the vulnerability is only a few days old and the instruction set extensions AVX-512 IFMA.
Another security hole concerns the AES encryption in Offset Codebook Mode (OCB). The optimized implementation for 32-bit x86 processors with the instruction set extension AES-NI may not completely encrypt the data. This could expose 16 bytes of data residing in memory that was not written. In the special case of “in-place” encryption, this would reveal 16 bytes in plain text (CVE-2022-2097, still without CVSS score, risk “moderate“).
In their security advisory, the OpenSSL developers make it a point to mention that OpenSSL does not offer OCB-based encryption for TLS and DTLS encryption. OpenSSL 1.1.1 and 3.0 are affected by the bug.
The OpenSSL project has versions 1.1.1q and 3.0.5 that no longer contain the bugs. Administrators with the OpenSSL version from branch 3 should plan a maintenance window to update their installation as soon as possible in order to minimize the attack surface. The error in the AES encryption should only rarely come into play, but IT managers should install the updates for it during the next maintenance.