diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2026-02-20 10:22:42 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2026-02-27 17:45:06 +0000 |
| commit | dbdc8de0ef3aa6ae7e018bc627f43c7b64448fe5 (patch) | |
| tree | 77c3efaf51cd1a589fef57c8d3a959304f5cdd09 /meta/recipes-connectivity | |
| parent | fa64e0279b1a5ff9af3a74efc36c14c8fc45f617 (diff) | |
| download | poky-dbdc8de0ef3aa6ae7e018bc627f43c7b64448fe5.tar.gz | |
openssl: fix CVE-2025-15468
To fix this issue, Add a NULL guard before dereferencing SSL_CIPHER.
Backport patch from NVD report: https://nvd.nist.gov/vuln/detail/CVE-2025-15468
(From OE-Core rev: 4eb01c3d18dc268cc5aa03386247bf670075c88b)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch | 39 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl_3.2.6.bb | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch new file mode 100644 index 0000000000..dcd862bedf --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch | |||
| @@ -0,0 +1,39 @@ | |||
| 1 | From 1f08e54bad32843044fe8a675948d65e3b4ece65 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel Kubec <kubec@openssl.org> | ||
| 3 | Date: Fri, 9 Jan 2026 14:33:24 +0100 | ||
| 4 | Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before | ||
| 5 | dereferencing SSL_CIPHER | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | Fixes CVE-2025-15468 | ||
| 11 | |||
| 12 | Reviewed-by: Saša Nedvědický <sashan@openssl.org> | ||
| 13 | Reviewed-by: Tomas Mraz <tomas@openssl.org> | ||
| 14 | MergeDate: Mon Jan 26 19:36:04 2026 | ||
| 15 | (cherry picked from commit 293b55de0c434a99d0e744d0521170ca280606a9) | ||
| 16 | |||
| 17 | CVE: CVE-2025-15468 | ||
| 18 | Upstream-Status: Backport [https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65] | ||
| 19 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 20 | --- | ||
| 21 | ssl/quic/quic_impl.c | 2 ++ | ||
| 22 | 1 file changed, 2 insertions(+) | ||
| 23 | |||
| 24 | diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c | ||
| 25 | index 98b6a0a..4abde64 100644 | ||
| 26 | --- a/ssl/quic/quic_impl.c | ||
| 27 | +++ b/ssl/quic/quic_impl.c | ||
| 28 | @@ -3646,6 +3646,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p) | ||
| 29 | { | ||
| 30 | const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p); | ||
| 31 | |||
| 32 | + if (ciph == NULL) | ||
| 33 | + return NULL; | ||
| 34 | if ((ciph->algorithm2 & SSL_QUIC) == 0) | ||
| 35 | return NULL; | ||
| 36 | |||
| 37 | -- | ||
| 38 | 2.50.1 | ||
| 39 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb index 4756f5aaa6..572a12aae8 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb | |||
| @@ -13,6 +13,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op | |||
| 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ | 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ |
| 14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ | 14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ |
| 15 | file://CVE-2024-41996.patch \ | 15 | file://CVE-2024-41996.patch \ |
| 16 | file://CVE-2025-15468.patch \ | ||
| 16 | " | 17 | " |
| 17 | 18 | ||
| 18 | SRC_URI:append:class-nativesdk = " \ | 19 | SRC_URI:append:class-nativesdk = " \ |