SB2025070782 - Multiple vulnerabilities in ARM mbed TLS
Published: July 7, 2025
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Unchecked Return Value (CVE-ID: CVE-2025-49600)
The vulnerability allows a remote attacker to bypass signature verification.
The vulnerability exists due to unchecked return value in mbedtls_lms_verify(). A remote attacker can bypass LMS signature verification process.
2) Out-of-bounds read (CVE-ID: CVE-2025-49601)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in mbedtls_lms_import_public_key(). A remote attacker can pass a specially crafted LMS public key to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
3) Race condition (CVE-ID: CVE-2025-52496)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to a race condition in the AES implementation on x86 and amd64 systems that have the AESNI instruction set, which is used for AES encryption and decryption. A remote attacker can extract AES keys from multithreaded programs and use them to decrypt traffic.
4) Out-of-bounds read (CVE-ID: CVE-2025-52497)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing invalid PEM-encrypted material in mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile() and mbedtls_pem_read_buffer() functions. A remote attacker can pass specially crafted data to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
5) Covert Timing Channel (CVE-ID: CVE-2025-49087)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to a timing side channel in its implementation of PKCS#7 padding removal. A remote attacker with access to timing information and a decryption oracle can recover the last byte of each plaintext block. If some portion of the plaintext is controlled by the attacker, as is often the case, the whole plaintext can be recovered.
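To illustrate the padding-removal side channel in item 5, here is an added example written for this bulletin (not Mbed TLS's own code or its fix): a naive PKCS#7 unpadding routine that exits at the first bad byte, beside a constant-time version that inspects the whole final block with masks, run on constructed sample blocks. The constant-time check removes the timing difference inside the routine only; the caller's error handling must be uniform too, or the oracle reappears one layer up.

```c
#include <stddef.h>
#include <stdint.h>

#define BLOCK 16

/* Naive PKCS#7 unpadding: returns at the first bad byte, so the time taken
 * depends on how much of the padding was valid. That data-dependent timing
 * is the kind of side channel item 5 describes. */
int unpad_pkcs7_naive(const uint8_t *buf, size_t len, size_t *out_len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    uint32_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (uint32_t i = 0; i < pad; i++)
        if (buf[len - 1 - i] != pad) return -1;  /* early exit leaks position */
    *out_len = len - pad;
    return 0;
}

/* Constant-time unpadding: every byte of the last block is inspected whatever
 * the padding byte says, and each check is folded into a bit with masks, not
 * branches. Only the length check branches, and the length is public. */
int unpad_pkcs7_ct(const uint8_t *buf, size_t len, size_t *out_len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    uint32_t pad = buf[len - 1];
    /* bad = 1 if pad == 0 (pad - 1 wraps) or pad > BLOCK (BLOCK - pad wraps) */
    uint32_t bad = ((pad - 1u) >> 31) | ((BLOCK - pad) >> 31);
    for (uint32_t i = 0; i < BLOCK; i++) {
        uint32_t in_pad   = (i - pad) >> 31;              /* 1 iff i < pad   */
        uint32_t diff     = buf[len - 1 - i] ^ pad;
        uint32_t mismatch = (diff | (0u - diff)) >> 31;   /* 1 iff diff != 0 */
        bad |= in_pad & mismatch;
    }
    /* Length is only meaningful when 0 is returned; mask instead of branch. */
    *out_len = len - (pad & (0u - (bad ^ 1u)));
    return bad ? -1 : 0;   /* the verdict itself is what the caller is owed */
}

/* Constructed sample blocks (not taken from any real traffic). */
const uint8_t sample_ok[BLOCK]   = { 'h','e','l','l','o',' ','w','o','r','l','d','!', 4,4,4,4 };
const uint8_t sample_bad[BLOCK]  = { 'h','e','l','l','o',' ','w','o','r','l','d','!', 4,3,4,4 };
const uint8_t sample_zero[BLOCK] = { 'h','e','l','l','o',' ','w','o','r','l','d','!', 0,0,0,0 };
const uint8_t sample_full[BLOCK] = { 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 };
/* Helper: plaintext length on success, -1 on padding failure. */
int unpadded_len(int (*fn)(const uint8_t *, size_t, size_t *), const uint8_t *buf, size_t len)
{
    size_t n = 0;
    return fn(buf, len, &n) == 0 ? (int)n : -1;
}
```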
6) NULL pointer dereference (CVE-ID: CVE-2025-48965)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the mbedtls_asn1_store_named_data() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2025-47917)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the mbedtls_x509_string_to_names() function. A remote attacker can send specially crafted data to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-5/
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-6/
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-7/