Oval Definition: oval:org.opensuse.security:def:20231255
Revision Date: 2023-06-22
Version: 1
Title: CVE-2023-1255
Description:

Issue summary: The AES-XTS cipher decryption implementation for the 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption.

The AES-XTS cipher decryption implementation for the 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely, making this issue a Low severity one.

Family: unix
Class: vulnerability
Status:
Reference(s): Mitre CVE-2023-1255
SUSE CVE-2023-1255
SUSE-SU-2023:2470-1
Platform(s): SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Live Patching 15 SP5
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Legacy 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.4 is installed
  • AND Package Information
  • openssl is not affected
  • OR libopenssl-1_1-devel is not affected
  • OR libopenssl1_1 is not affected
  • OR libopenssl1_1-hmac is not affected
  • OR openssl-1_1 is not affected
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Live Patching 15 SP5 is installed
  • AND openssl-1_1-livepatches is not affected
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • libopenssl-devel is not affected
  • OR openssl is not affected
  • OR libopenssl-1_1-devel is not affected
  • OR libopenssl1_1 is not affected
  • OR libopenssl1_1-32bit is not affected
  • OR libopenssl1_1-hmac is not affected
  • OR libopenssl1_1-hmac-32bit is not affected
  • OR openssl-1_1 is not affected
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Legacy 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • libopenssl-1_0_0-devel is not affected
  • OR libopenssl10 is not affected
  • OR libopenssl1_0_0 is not affected
  • OR libopenssl1_0_0-hmac is not affected
  • OR openssl-1_0_0 is not affected