CVE-2023-26084: The armv8_dec_aes_gcm_full() API fails to verify the authentication tag of AES-GCM protected data

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

Impact

Due to an improperly initialized variable in the armv8_dec_aes_gcm_full() function, the computed AES-GCM authentication tag is treated as having zero length and is therefore never compared against the received tag; authentication is always reported as successful.

A man-in-the-middle could modify data (e.g. network packets) without the modification being detected by the AES-GCM authentication mechanism. The resulting cleartext corruption would be random, since only the encrypted ciphertext can be modified. If AArch64cryptolib is used with, for example, IPsec, replay attacks (of unmodified encrypted data) might also be possible.

Patches

The problem is fixed in commit 86065c6.

Workarounds

Use the alternate armv8_dec_aes_gcm_from_state() API, where the authentication tag size is specified by the caller.
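
As an added illustration (not code from AArch64cryptolib, whose internals and real API are not reproduced here), the C below models the failure mode from the Impact section and the caller-supplied tag length from the Workarounds section: a tag comparison that trusts a zero length accepts any tag, while the hardened form fails closed on a length outside 12..16 bytes. The function names and the constructed tag bytes are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GCM_TAG_MAX 16   /* AES-GCM tags are at most 128 bits */

/* Constant-time byte comparison: returns 0 only when all n bytes match. */
static int ct_memcmp(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff != 0;
}

/* Models the defect class in the advisory: the comparison trusts whatever
 * tag_len it is handed. With a length of 0 (an uninitialised variable that
 * happens to read as zero) nothing is compared, so every tag "verifies".
 * Returns 1 when the tag is accepted. (Hypothetical name, not the library's.) */
int verify_tag_buggy(const uint8_t *computed, const uint8_t *received, size_t tag_len) {
    return ct_memcmp(computed, received, tag_len) == 0;
}

/* Hardened form, mirroring the workaround of a caller-supplied tag length:
 * lengths outside the GCM range of 12..16 bytes fail closed instead of
 * silently shortening the comparison. */
int verify_tag_checked(const uint8_t *computed, const uint8_t *received, size_t tag_len) {
    if (tag_len < 12 || tag_len > GCM_TAG_MAX) return 0;
    return ct_memcmp(computed, received, tag_len) == 0;
}

typedef int (*tag_verifier)(const uint8_t *, const uint8_t *, size_t);

/* Regression probe a test suite should carry: hand the verifier a constructed
 * tag and, if flip_bit is set, the same tag with one bit changed (the mismatch
 * an in-path modification produces). Returns 1 if the tag is accepted. */
int tag_accepted(tag_verifier verify, size_t tag_len, int flip_bit) {
    uint8_t tag[GCM_TAG_MAX], received[GCM_TAG_MAX];
    for (int i = 0; i < GCM_TAG_MAX; i++) tag[i] = (uint8_t)(0xA5 ^ i); /* constructed bytes */
    memcpy(received, tag, sizeof tag);
    if (flip_bit) received[3] ^= 0x10;
    return verify(tag, received, tag_len);
}

int main(void) {
    printf("buggy,   tag_len=0,  tampered accepted: %d\n", tag_accepted(verify_tag_buggy, 0, 1));
    printf("checked, tag_len=0,  tampered accepted: %d\n", tag_accepted(verify_tag_checked, 0, 1));
    printf("checked, tag_len=16, genuine accepted:  %d\n", tag_accepted(verify_tag_checked, 16, 0));
    return 0;
}
```

The first probe is the condition the advisory describes: with a zero tag length the tampered tag passes, which a test suite should assert never happens.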

References

#5