SB20260427166 - Fedora EPEL 10.1 update for mbedtls


Published: April 27, 2026

Security Bulletin ID: SB20260427166
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 11%, Medium 56%, Low 33%

Description

This security bulletin contains information about 9 vulnerabilities.


1) Insufficient Technical Documentation (CVE-ID: CVE-2024-45157)

CWE-ID: CWE-1059 - Insufficient Technical Documentation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in product documentation. Contrary to what was previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not by itself cause the PSA subsystem to use HMAC_DRBG: HMAC_DRBG is used only when both MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.


2) Covert Timing Channel (CVE-ID: CVE-2025-59438)

CWE-ID: CWE-385 - Covert Timing Channel

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows an attacker to perform a padding oracle attack.

The vulnerability exists due to a padding oracle in the timing of cipher error reporting. An attacker can recover plaintexts encrypted with CBC-PKCS7, or any other symmetric encryption mode that uses padding, when they are decrypted through the PSA API.


3) Use of insufficiently random values (CVE-ID: CVE-2026-34871)

CWE-ID: CWE-330 - Use of Insufficiently Random Values

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise cryptographic operations by causing the use of predictable random data.

The vulnerability exists due to improper fallback to /dev/urandom in entropy collection on Linux when getrandom() is unavailable or blocked. A local user can control the system state or restrict access to getrandom() to force the use of /dev/urandom during early boot, leading to insufficient entropy and predictable cryptographic outputs.

Devices without hardware random number generators are especially at risk during initial boot or OS installation. The issue affects Linux platforms where getrandom() is not available (kernel <3.17), blocked by sandboxing, or not supported by the C library.


4) Use of insufficiently random values (CVE-ID: CVE-2026-25835)

CWE-ID: CWE-330 - Use of Insufficiently Random Values

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to obtain predictable random numbers.

The vulnerability exists due to insufficient randomness in the PSA random generator when application state is cloned. A local user can exploit system or application cloning scenarios such as fork(), VM cloning, or hibernation resume to cause multiple instances to generate identical random outputs, enabling prediction of cryptographic keys and nonces.

Applications that use the PSA random generator are affected when the system or application state is cloned without reseeding the generator. This includes scenarios such as fork() on Unix-like systems, virtual machine cloning, and resuming hibernation images multiple times.
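To make the cloning hazard in item 4 concrete, the following added example (not code from Mbed TLS or from this bulletin) models a DRBG whose state is copied by fork(), VM cloning or a hibernation image. It uses a small HMAC_DRBG (SP 800-90A, SHA-256) written for illustration, models the clone as a memory copy, and shows that two copies emit identical bytes until one of them is reseeded with fresh OS entropy; the seed value and function names are constructed for the demo.

```python
import copy
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A, SHA-256) used only to illustrate the
    cloning hazard; a teaching model, not Mbed TLS's implementation."""

    OUTLEN = 32

    def __init__(self, entropy: bytes, nonce: bytes = b""):
        self.k = b"\x00" * self.OUTLEN
        self.v = b"\x01" * self.OUTLEN
        self._update(entropy + nonce)

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        self.k = self._hmac(self.k, self.v + b"\x00" + provided)
        self.v = self._hmac(self.k, self.v)
        if provided:
            self.k = self._hmac(self.k, self.v + b"\x01" + provided)
            self.v = self._hmac(self.k, self.v)

    def reseed(self, entropy: bytes) -> None:
        # Mixing fresh entropy is what makes a clone diverge from its origin.
        self._update(entropy)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.k, self.v)
            out += self.v
        self._update()  # state advance for backtracking resistance
        return out[:n]


def clone_outputs(reseed_child: bool, seed: bytes = b"constructed seed") -> tuple:
    """Model fork()/VM clone/hibernation resume as a memory copy of the DRBG
    state; return (parent_nonce, child_nonce) produced after the copy."""
    parent = HmacDrbg(seed)
    parent.generate(16)            # some use before the clone point
    child = copy.deepcopy(parent)  # the clone carries every bit of state
    if reseed_child:
        child.reseed(os.urandom(32))  # fresh OS entropy in the clone only
    return parent.generate(16), child.generate(16)
```

Without the reseed the two 16-byte "nonces" are byte-for-byte identical, which is exactly what lets a key or nonce be predicted across cloned instances; with the reseed they differ.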


5) Improper Authentication (CVE-ID: CVE-2026-34873)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to impersonate a legitimate client during TLS session resumption.

The vulnerability exists due to improper session validation in the TLS 1.3 session resumption mechanism when handling a downgrade from TLS 1.3 to TLS 1.2 after a HelloRetryRequest. A remote attacker can intercept the HelloRetryRequest and send a specially crafted ClientHello that negotiates TLS 1.2 to impersonate a legitimate client and bypass authentication mechanisms.

The server incorrectly proceeds to resume a TLS 1.2 session using an all-zero master secret, potentially allowing the attacker to inherit application-level privileges if session tickets encode authorization data.


6) Improper input validation (CVE-ID: CVE-2026-34872)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to force the FFDH shared secret into a small set of values.

The vulnerability exists due to improper input validation in the FFDH key agreement component when processing a peer's public key during key agreement using PSA_ALG_FFDH. A remote attacker can send a specially crafted public key to force the FFDH shared secret into a small set of values.

Applications are only affected if they use the PSA API to perform FFDH as part of a larger protocol that expects contributory behaviour from FFDH. TLS 1.2 and TLS 1.3 are not affected due to protocol-level protections.


7) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2025-66442)

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to insufficient protection against side-channel leakage in padding validation code. A remote attacker who can submit chosen ciphertexts and measure decryption timing precisely can disclose sensitive information.

This issue affects RSA PKCS#1 v1.5 decryption and one-and-zeros unpadding, and may enable recovery of ciphertext contents but not the key. It is known to occur when TF-PSA-Crypto or Mbed TLS is built with Clang 18 with the LLVM select-optimize feature enabled for 64-bit RISC-V.


8) Buffer overflow (CVE-ID: CVE-2026-34875)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in the psa_export_public_key() function when processing FFDH public key export requests. A remote attacker can send a specially crafted request with a small output buffer to cause memory corruption and potentially execute arbitrary code.

Applications exporting public keys for algorithms other than FFDH are not affected.


9) Improper access control (CVE-ID: CVE-2026-25834)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass security policies.

The vulnerability exists due to improper access control in the TLS 1.2 signature algorithm negotiation component when processing server responses during handshake. A remote attacker can send a specially crafted server response to cause the client to accept a signature algorithm not previously advertised in the client hello, leading to a security policy bypass.

The issue affects only TLS 1.2 connections and occurs when the server ignores the signature algorithms extension sent by the client. The client fails to enforce the configured policy via mbedtls_ssl_conf_sig_algs().


Remediation

Install the update from the vendor's website.