Vulnerabilities in OpenSSL, Glibc, util-linux, and the i915 and vmwgfx drivers

Information has been disclosed about a vulnerability (CVE-2021-4160) in the OpenSSL cryptographic library, caused by an error in the implementation of the adder in the BN_mod_exp function, which leads to the squaring operation returning an incorrect result. The problem occurs only on hardware based on the MIPS32 and MIPS64 architectures and can lead to the compromise of algorithms based on elliptic curves, including those used by default in TLS 1.3. The problem was fixed in the December updates OpenSSL 1.1.1m and 3.0.1.

It is noted that carrying out real attacks to obtain information about private keys using the identified problem is considered possible for RSA, DSA and the Diffie-Hellman (DH) algorithm, but unlikely, as such attacks are too difficult to carry out and require enormous computing resources. An attack on TLS is ruled out, because in 2016, when the CVE-2016-0701 vulnerability was fixed, the sharing of a single DH private key was prohibited.
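To triage a host against the facts above (MIPS only, fixed in 1.1.1m and 3.0.1), the following added example, which is not part of the original article or of OpenSSL, classifies an `openssl version` banner together with the machine architecture. The function names and result labels are assumptions made for illustration, and the sample banners in the comments are constructed.

```python
import platform
import re
import subprocess


def parse_openssl_version(banner):
    """Return (major, minor, patch, letters) from an `openssl version` banner."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return major, minor, patch, m.group(4)


def is_mips(machine):
    # platform.machine() reports names such as mips, mipsel, mips64, mips64el.
    return machine.lower().startswith("mips")


def assess(banner, machine):
    """Classify a host as 'not-affected-arch', 'fixed', 'update' or 'unknown'.

    'unknown' means the article names no fixed release for that branch.
    """
    if not is_mips(machine):
        return "not-affected-arch"
    major, minor, patch, letters = parse_openssl_version(banner)
    if (major, minor, patch) == (1, 1, 1):
        # Letter suffixes sort as "" < "a" < ... < "z" < "za" < ...,
        # so compare by length first, then alphabetically.
        return "fixed" if (len(letters), letters) >= (1, "m") else "update"
    if (major, minor) == (3, 0):
        return "fixed" if patch >= 1 else "update"
    return "unknown"


if __name__ == "__main__":
    # Constructed examples of the banner format:
    #   "OpenSSL 1.1.1l  24 Aug 2021"  on mips64 -> update
    #   "OpenSSL 3.0.1 14 Dec 2021"    on mipsel -> fixed
    out = subprocess.run(["openssl", "version"], capture_output=True,
                         text=True, check=True).stdout
    print(out.strip(), "/", platform.machine(), "->",
          assess(out, platform.machine()))
```

Distribution packages may backport the fix without changing the upstream version string, so an "update" result should be confirmed against the vendor's advisory for the installed package.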

Additionally, several recently identified vulnerabilities in open source projects can be noted:

  • Several vulnerabilities (CVE-2022-0330) in the i915 graphics driver associated with the lack of a TLB reset for the GPU. If IOMMU (address translation) is not used, the vulnerability allows access to random memory pages from user space. The problem can be used to corrupt or read data from random memory areas. The problem occurs on all integrated and discrete Intel GPUs. The fix is implemented by adding a mandatory TLB reset before each operation that returns a GPU buffer to the system, which will reduce performance. The effect on performance depends on the GPU, the operations performed on the GPU and the load on the system. The fix is so far available only in the form of a patch.
  • A vulnerability (CVE-2022-22942) in the vmwgfx graphics driver, used to implement 3D acceleration in VMware environments. The problem allows an unprivileged user to access files opened by other processes in the system. The attack requires access to the device /dev/dri/card0 or /dev/dri/renderD128, as well as the ability to make an ioctl() call with the resulting file descriptor.
  • Vulnerabilities (CVE-2021-3996, CVE-2021-3995) in the libmount library supplied in the util-linux package, allowing an unprivileged user to unmount disk partitions without having permission. The problem was found during an audit of the SUID-root programs umount and fusermount.
/Media reports.