SB2026040279 - Fedora 44 update for mbedtls
Published: April 2, 2026
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Buffer underflow (CVE-ID: CVE-2026-25833)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in x509_inet_pton_ipv6() when parsing IPv6 address input. A remote attacker can send a specially crafted IPv6 address string to cause a buffer underread of up to 4 bytes, potentially leading to a denial of service.
In rare cases, the buffer underread may cross a page boundary and trigger a memory access violation, resulting in a crash.
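The defensive counterpart to this bug class is a textual IPv6 parser whose only output index is derived from counts that are capped at eight groups, so no write or read can land before the buffer. The following is an added example written for this bulletin, not mbedtls's x509_inet_pton_ipv6() and not derived from it; the function names and the decision not to support embedded IPv4 suffixes ("::ffff:1.2.3.4") are this example's own.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not mbedtls code: bounds-checked parser for textual IPv6
 * (1-4 hex digits per group, ':' separators, at most one "::"). The write
 * index `idx` is computed from nhead/ntail/zeros, all bounded by 8, so the
 * output buffer is never addressed backwards from its end.
 * Embedded IPv4 suffixes are not supported. */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Returns 0 and fills out[16] on success, -1 on any malformed input. */
int parse_ipv6(const char *s, uint8_t out[16])
{
    uint16_t head[8], tail[8];
    int nhead = 0, ntail = 0, have_dc = 0;
    const char *p = s;

    if (*p == ':') {                        /* a leading colon is only legal as "::" */
        if (p[1] != ':') return -1;
        p += 2;
        have_dc = 1;
    }
    while (*p != '\0') {
        unsigned v = 0;
        int nd = 0;
        while (nd < 4 && hexval(*p) >= 0) { /* 1..4 hex digits per group */
            v = v * 16 + (unsigned)hexval(*p);
            p++; nd++;
        }
        if (nd == 0) return -1;             /* empty group, e.g. "1:::2" */
        if (nhead + ntail >= 8) return -1;  /* too many groups */
        if (have_dc) tail[ntail++] = (uint16_t)v;
        else         head[nhead++] = (uint16_t)v;
        if (*p == '\0') break;
        if (*p != ':') return -1;           /* junk such as a 5th hex digit */
        p++;
        if (*p == ':') {                    /* "::" may appear once */
            if (have_dc) return -1;
            have_dc = 1;
            p++;
        } else if (*p == '\0') {
            return -1;                      /* trailing single colon */
        }
    }
    if (!have_dc && nhead != 8) return -1;
    if (have_dc && nhead + ntail >= 8) return -1; /* "::" must stand for >= 1 group */

    int idx = 0, zeros = 8 - nhead - ntail;
    for (int k = 0; k < nhead; k++, idx++) {
        out[2 * idx] = (uint8_t)(head[k] >> 8); out[2 * idx + 1] = (uint8_t)(head[k] & 0xff);
    }
    for (int k = 0; k < zeros; k++, idx++) {
        out[2 * idx] = 0; out[2 * idx + 1] = 0;
    }
    for (int k = 0; k < ntail; k++, idx++) {
        out[2 * idx] = (uint8_t)(tail[k] >> 8); out[2 * idx + 1] = (uint8_t)(tail[k] & 0xff);
    }
    return 0;
}

/* Test helpers: does `s` parse at all, and does it parse to the 32-hex-digit string `want`? */
int parse_ipv6_ok(const char *s)
{
    uint8_t buf[16];
    return parse_ipv6(s, buf) == 0;
}

int parse_ipv6_matches(const char *s, const char *want)
{
    static const char hexd[] = "0123456789abcdef";
    uint8_t buf[16];
    char got[33];
    if (parse_ipv6(s, buf) != 0) return 0;
    for (int i = 0; i < 16; i++) {
        got[2 * i] = hexd[buf[i] >> 4];
        got[2 * i + 1] = hexd[buf[i] & 0xf];
    }
    got[32] = '\0';
    return strcmp(got, want) == 0;
}
```

The rejected inputs in the test (a lone leading colon, a trailing colon, two "::", a fifth hex digit, nine groups) are the shapes a fuzzer reaches first; a parser that tracks pointers rather than counts tends to fail on exactly these.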
2) NULL pointer dereference (CVE-ID: CVE-2026-34874)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper memory management in the function mbedtls_x509_string_to_names() when processing user-supplied distinguished names. A remote attacker can cause a memory allocation failure during the execution of mbedtls_x509_string_to_names() to trigger a null pointer dereference, leading to arbitrary code execution on systems without memory protection at address 0.
On platforms with memory protection, this may result in a segmentation fault or denial of service instead of code execution.
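The fix for this class of bug is to check every allocation and unwind the partially built structure when one fails, and the way to prove that is an allocator that can be told to fail on the Nth call. Below is an added example written for this bulletin, not mbedtls code and not a reproduction of mbedtls_x509_string_to_names(); the comma-separated name syntax, the name_node type and the inject_malloc() hook are this example's own simplifications.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not mbedtls code. A tiny "string to names" parser in the
 * spirit of mbedtls_x509_string_to_names() (hypothetical simplification:
 * comma-separated components, no escaping) that checks every allocation and
 * frees the partial list on failure. The injectable allocator lets a test
 * force the Nth allocation to fail, which is how this bug class is found. */

typedef struct name_node {
    char *value;
    struct name_node *next;
} name_node;

static int g_fail_at = -1;   /* index of the allocation that fails; -1 = never */
static int g_alloc_idx = 0;

static void *inject_malloc(size_t n)
{
    if (g_fail_at >= 0 && g_alloc_idx == g_fail_at) return NULL;
    g_alloc_idx++;
    return malloc(n);
}

void free_names(name_node *head)
{
    while (head != NULL) {
        name_node *next = head->next;
        free(head->value);
        free(head);
        head = next;
    }
}

/* Returns 0 and sets *out on success. On allocation failure returns -1,
 * leaves *out NULL and has already released every node built so far. */
int string_to_names(const char *s, name_node **out)
{
    name_node *head = NULL, **tailp = &head;
    *out = NULL;
    while (*s != '\0') {
        const char *end = strchr(s, ',');
        size_t len = end ? (size_t)(end - s) : strlen(s);
        name_node *n = inject_malloc(sizeof *n);
        if (n == NULL) goto fail;               /* the check whose absence causes the NULL deref */
        n->next = NULL;
        n->value = inject_malloc(len + 1);
        if (n->value == NULL) { free(n); goto fail; }
        memcpy(n->value, s, len);
        n->value[len] = '\0';
        *tailp = n;
        tailp = &n->next;
        s = end ? end + 1 : s + len;
    }
    *out = head;
    return 0;
fail:
    free_names(head);
    return -1;
}

/* Test driver: parse `s` with allocation number `fail_at` forced to fail.
 * Returns the component count on success, -1 if parsing reported failure
 * and left no list behind, -2 if it reported failure but leaked a list. */
int parse_with_fault(const char *s, int fail_at)
{
    name_node *list = NULL;
    int count = 0, rc;
    g_fail_at = fail_at;
    g_alloc_idx = 0;
    rc = string_to_names(s, &list);
    g_fail_at = -1;
    if (rc != 0) return list == NULL ? -1 : -2;
    for (name_node *n = list; n != NULL; n = n->next) count++;
    free_names(list);
    return count;
}
```

Running the driver over every allocation index (0, 1, 2, ...) until the input parses cleanly exercises each failure path once; on a platform where address 0 is mapped, that sweep is the difference between a caught error and the write-to-zero this bulletin describes.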
3) Use of insufficiently random values (CVE-ID: CVE-2026-34871)
The vulnerability allows a local user to compromise cryptographic operations by causing the use of predictable random data.
The vulnerability exists due to improper fallback to /dev/urandom in entropy collection on Linux when getrandom() is unavailable or blocked. A local user can control the system state or restrict access to getrandom() to force the use of /dev/urandom during early boot, leading to insufficient entropy and predictable cryptographic outputs.
Devices without hardware random number generators are especially at risk during initial boot or OS installation. The issue affects Linux platforms where getrandom() is not available (kernel <3.17), blocked by sandboxing, or not supported by the C library.
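The safe policy for an entropy source is to tell apart "pool ready", "pool still seeding" and "getrandom() unavailable" and to fail closed in the last two cases rather than read /dev/urandom. The following is an added example written for this bulletin, not mbedtls's entropy module; the enum names, classify_getrandom() and entropy_poll() are this example's own, and it assumes a Linux libc that exposes getrandom() in <sys/random.h>.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(): glibc >= 2.25, musl >= 1.1.20 */

/* Added example, not mbedtls code. Distinguishes the three outcomes the
 * bulletin describes instead of silently reading /dev/urandom. */

enum entropy_status {
    ENTROPY_READY = 0,       /* got bytes from a seeded pool */
    ENTROPY_NOT_SEEDED = 1,  /* early boot: pool not initialised, do not fall back */
    ENTROPY_UNAVAILABLE = 2, /* old kernel, seccomp filter or libc without getrandom */
    ENTROPY_SHORT = 3        /* partial read (e.g. interrupted); treat as failure */
};

/* Pure classification of a getrandom() result, kept separate so it can be
 * unit-tested without a kernel. `ret` is the return value, `err` is errno. */
enum entropy_status classify_getrandom(long ret, int err, size_t want)
{
    if (ret >= 0 && (size_t)ret == want) return ENTROPY_READY;
    if (ret >= 0) return ENTROPY_SHORT;
    if (err == EAGAIN) return ENTROPY_NOT_SEEDED;   /* GRND_NONBLOCK: pool still seeding */
    /* ENOSYS: kernel < 3.17; EPERM: blocked by seccomp; anything else is also unusable */
    return ENTROPY_UNAVAILABLE;
}

/* Fill buf[len] only from a seeded kernel pool. Never touches /dev/urandom.
 * GRND_NONBLOCK turns "pool not ready" into EAGAIN instead of a blocking wait,
 * which lets the caller decide whether to wait or refuse to generate keys. */
enum entropy_status entropy_poll(uint8_t *buf, size_t len)
{
    ssize_t ret = getrandom(buf, len, GRND_NONBLOCK);
    return classify_getrandom((long)ret, ret < 0 ? errno : 0, len);
}

/* Convenience for a live probe: status of a 32-byte poll on this host. */
int entropy_poll_status(void)
{
    uint8_t buf[32];
    return (int)entropy_poll(buf, sizeof buf);
}
```

The check that matters on a headless device during first boot is the EAGAIN branch: a caller that maps it to "retry later" keeps key generation from racing the kernel's seeding, which is exactly the window the /dev/urandom fallback papered over.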
4) Use of insufficiently random values (CVE-ID: CVE-2026-25835)
The vulnerability allows a local user to obtain predictable random numbers.
The vulnerability exists due to insufficient randomness in the PSA random generator when application state is cloned. A local user can exploit system or application cloning scenarios such as fork(), VM cloning, or hibernation resume to cause multiple instances to generate identical random outputs, enabling prediction of cryptographic keys and nonces.
Applications that use the PSA random generator are affected when the system or application state is cloned without reseeding the generator. This includes scenarios such as fork() on Unix-like systems, virtual machine cloning, and resuming hibernation images multiple times.
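The classic mitigation for the fork() case is for the generator to remember which process seeded it and to reseed when it finds itself running in another one. The following is an added example written for this bulletin, not mbedtls or PSA code: the toy_drbg type, its SplitMix64 mixing function (a stand-in, not a cryptographic DRBG) and clone_demo() are this example's own, and it assumes a Linux libc with getrandom(). The PID check only covers fork(); VM cloning and hibernation resume need a host-provided generation signal that this example does not model.

```c
#include <stdint.h>
#include <sys/random.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not mbedtls/PSA code. clone_demo() forks, asks both the
 * parent and the child for their next output, and reports whether the two
 * values collide. fork_safe == 0 reproduces the bug; fork_safe == 1 reseeds
 * after detecting that the state was inherited from another process. */

typedef struct {
    uint64_t state;
    pid_t    owner;   /* process the state was seeded in */
} toy_drbg;

static uint64_t splitmix64(uint64_t *s)   /* mixing function, NOT a real DRBG */
{
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

static int drbg_seed(toy_drbg *d)
{
    uint64_t seed;
    if (getrandom(&seed, sizeof seed, 0) != (ssize_t)sizeof seed) return -1;
    d->state = seed;
    d->owner = getpid();
    return 0;
}

static int drbg_generate(toy_drbg *d, uint64_t *out, int fork_safe)
{
    if (fork_safe && d->owner != getpid()) {
        if (drbg_seed(d) != 0) return -1;   /* cloned: discard the inherited state */
    }
    *out = splitmix64(&d->state);
    return 0;
}

/* Returns 1 if parent and child emitted the same value, 0 if they differed,
 * -1 on a system error. */
int clone_demo(int fork_safe)
{
    toy_drbg d;
    int fds[2];
    uint64_t child_v = 0, parent_v = 0;
    ssize_t n;
    pid_t pid;

    if (drbg_seed(&d) != 0 || pipe(fds) != 0) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: inherits d byte-for-byte */
        uint64_t v = 0;
        close(fds[0]);
        if (drbg_generate(&d, &v, fork_safe) != 0) _exit(1);
        if (write(fds[1], &v, sizeof v) != (ssize_t)sizeof v) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    n = read(fds[0], &child_v, sizeof child_v);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child_v) return -1;
    if (drbg_generate(&d, &parent_v, fork_safe) != 0) return -1;
    return child_v == parent_v ? 1 : 0;
}
```

A PID comparison is cheap but has a known gap: a grandchild can reuse the original PID. Production generators combine it with pthread_atfork() handlers or a kernel-assisted signal, and the VM and hibernation cases in this bulletin need a generation counter from the hypervisor or the resume path, which no in-process check can substitute for.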
5) Improper Authentication (CVE-ID: CVE-2026-34873)
The vulnerability allows a remote attacker to impersonate a legitimate client during TLS session resumption.
The vulnerability exists due to improper session validation in the TLS 1.3 session resumption mechanism when handling a downgrade from TLS 1.3 to TLS 1.2 after a HelloRetryRequest. A remote attacker can intercept the HelloRetryRequest and send a specially crafted ClientHello that negotiates TLS 1.2 to impersonate a legitimate client and bypass authentication mechanisms.
The server incorrectly proceeds to resume a TLS 1.2 session using an all-zero master secret, potentially allowing the attacker to inherit application-level privileges if session tickets encode authorization data.
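On the server side, three independent checks would each have refused the resumption the bulletin describes: the version negotiated from the retried ClientHello must match the one the server committed to when it sent HelloRetryRequest, a ticket only resumes the protocol version it was issued under, and a TLS 1.2 resumption with an all-zero master secret is not a resumption. The following is an added example written for this bulletin, not mbedtls's TLS code: the handshake and session_ticket structs, the verdict codes and the scenario() helper are this example's own reduced model, and the version constants are the TLS wire values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not mbedtls code: a reduced model of the server-side
 * resumption decision. 0x0303 and 0x0304 are the wire values for TLS 1.2
 * and TLS 1.3; everything else here is this example's own simplification. */

#define TLS12 0x0303
#define TLS13 0x0304

enum verdict {
    RESUME_OK = 0,
    FULL_HANDSHAKE = 1,          /* ticket unusable: do a full handshake instead */
    ABORT_ILLEGAL_PARAMETER = 2  /* version changed after HelloRetryRequest */
};

typedef struct {
    uint16_t version;            /* protocol version the ticket was issued under */
    uint8_t  master_secret[48];  /* TLS 1.2 master secret; a 1.3 ticket has none (zeros) */
} session_ticket;

typedef struct {
    uint16_t negotiated_version; /* version chosen from the current ClientHello */
    uint16_t hrr_version;        /* version committed to when HRR was sent, 0 if no HRR */
} handshake;

static int all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Decide what to do with a resumption attempt on the (possibly retried) ClientHello. */
enum verdict check_resumption(const handshake *hs, const session_ticket *t)
{
    /* 1. HelloRetryRequest exists only in TLS 1.3; this model treats a retried
     *    ClientHello that negotiates a different version as a protocol violation. */
    if (hs->hrr_version != 0 && hs->negotiated_version != hs->hrr_version)
        return ABORT_ILLEGAL_PARAMETER;
    /* 2. A ticket only resumes the protocol version it was issued for. */
    if (t->version != hs->negotiated_version)
        return FULL_HANDSHAKE;
    /* 3. A TLS 1.2 resumption needs a real master secret. */
    if (hs->negotiated_version == TLS12 && all_zero(t->master_secret, sizeof t->master_secret))
        return FULL_HANDSHAKE;
    return RESUME_OK;
}

/* Scenario helper: ticket issued under `ticket_ver`; `hrr_ver` is the version
 * committed at HRR time (0 = no HRR); `hello_ver` is what the current
 * ClientHello negotiates. A TLS 1.2 ticket carries a constructed non-zero
 * secret (0x5a bytes), a TLS 1.3 ticket an all-zero field. */
int scenario(uint16_t ticket_ver, uint16_t hrr_ver, uint16_t hello_ver)
{
    session_ticket t;
    handshake hs;
    t.version = ticket_ver;
    memset(t.master_secret, ticket_ver == TLS12 ? 0x5a : 0x00, sizeof t.master_secret);
    hs.negotiated_version = hello_ver;
    hs.hrr_version = hrr_ver;
    return (int)check_resumption(&hs, &t);
}
```

The bulletin's case is scenario(TLS13, TLS13, TLS12): a TLS 1.3 ticket, an HRR already sent, and a second ClientHello that negotiates TLS 1.2. Check 1 aborts it; if that check were missing, check 2 would downgrade it to a full handshake; if both were missing, check 3 still refuses to derive keys from an all-zero secret.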
Remediation
Install the update from the vendor's website.