POLY1305 MAC implementation corrupts XMM registers on Windows
CVE-2023-4807
What is CVE-2023-4807?
The POLY1305 MAC implementation in OpenSSL contains a bug that may corrupt the internal state of applications running on the Windows 64 platform, specifically on newer X86_64 processors that support the AVX512-IFMA instructions. The issue arises when an application using OpenSSL employs the POLY1305 MAC algorithm. If an attacker can influence whether POLY1305 MAC is invoked, the application state may be corrupted, with consequences that depend on how the application relies on the contents of the XMM registers. The faulty behavior occurs when processing data larger than 64 bytes: non-volatile XMM registers are zeroed instead of being restored. Potential outcomes range from harmless to critical; the most likely impacts are incorrect computations or application crashes, potentially leading to denial of service. No affected applications are currently known. Workarounds include disabling AVX512-IFMA at runtime.
Affected Version(s)
OpenSSL 3.1.0 < 3.1.3
OpenSSL 3.0.0 < 3.0.11
OpenSSL 1.1.1 < 1.1.1w
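A triage check built from the conditions and version ranges above (an added example, not code from OpenSSL or from this advisory): it tests an OpenSSL version string against the listed ranges and applies the 64-bit Windows and AVX512-IFMA conditions. The function names, the inventory rows and the `has_avx512_ifma` flag supplied by the caller are assumptions made for illustration.

```python
import re

# Affected ranges as listed on this page: (first affected, first fixed).
AFFECTED_RANGES = [("3.1.0", "3.1.3"), ("3.0.0", "3.0.11"), ("1.1.1", "1.1.1w")]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Turn '3.0.10', '1.1.1v' or 'OpenSSL 3.0.10' into a comparable tuple.

    1.1.1 marks patch releases with a letter suffix (1.1.1 < 1.1.1a < 1.1.1w);
    3.x uses a numeric patch level. Pre-release tags such as '-beta1' are ignored.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, patch, letters = m.groups()
    # Suffix length first, so '' sorts before 'a' and 'z' before 'za'.
    return (int(major), int(minor), int(patch), len(letters), letters)


def in_affected_range(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def is_exposed(version, os_name, machine, has_avx512_ifma):
    """All conditions from the description: affected version, 64-bit Windows,
    AVX512-IFMA capable CPU. has_avx512_ifma comes from the caller (assumption:
    an inventory tool reports it); this code does not probe CPUID itself."""
    return (in_affected_range(version) and os_name == "Windows"
            and machine.upper() in ("AMD64", "X86_64") and bool(has_avx512_ifma))


# Constructed inventory rows: (host, OpenSSL version, OS, arch, AVX512-IFMA).
SAMPLE_INVENTORY = [
    ("build-01", "OpenSSL 3.0.10", "Windows", "AMD64", True),
    ("web-02", "OpenSSL 3.0.11", "Windows", "AMD64", True),   # fixed release
    ("db-03", "1.1.1v", "Linux", "x86_64", True),             # not Windows
    ("app-04", "1.1.1w", "Windows", "AMD64", True),           # fixed release
    ("ws-05", "3.1.2", "Windows", "AMD64", False),            # no AVX512-IFMA
]


def exposed_hosts(inventory):
    return [host for host, *row in inventory if is_exposed(*row)]


if __name__ == "__main__":
    print(exposed_hosts(SAMPLE_INVENTORY))
```

The `os_name` and `machine` values match what Python's `platform.system()` and `platform.machine()` report on 64-bit Windows.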