From nobody Tue Sep 30 16:49:07 2025
X-Original-To: freebsd-security-notifications@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cbkY004cHz69Kkr
	for <freebsd-security-notifications@mlmmj.nyi.freebsd.org>; Tue, 30 Sep 2025 16:49:08 +0000 (UTC)
	(envelope-from security-advisories@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "freefall.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cbkXz2pWYz3s2P;
	Tue, 30 Sep 2025 16:49:07 +0000 (UTC)
	(envelope-from security-advisories@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1759250947; h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc; bh=Lu/1pvKuSyiT+T6qKkgGuMvA1Kpt0lvT4jyb+2bOlvg=;
	b=dOp0BDA2JRIpzZ1uZmLoBoIze+N0FLTBoNhOkpcL4WGC/fRixW0PW7MO2nZo71F75xAwSE
	0uaP4kkFC8watbRfpsiRJh42wOKcPENGMOhHWZsJzwdBtLAzjjFhgLenHdQQv9lYDqunBD
	8WD1Phigx1HqIDCpciWyLQYIvpSxUr96JtlXAdkrXj9QF2cP4a2mBsFdh22uM97/F1IoDM
	qOfzpXV8OAuXDx4j3M0hSLasSIKsxesllpyV8Nsm2RythDCtEbig3hucjLxbKdqhUAAMk9
	A6/QsUxnuAf1zKikFtI+zPGlgoMxnJOriKWXvK6DyVS3rIF5cZ9/3jPv4R2z5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1759250947; h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc;
	bh=Lu/1pvKuSyiT+T6qKkgGuMvA1Kpt0lvT4jyb+2bOlvg=;
	b=GLwnszpvxaphwqZ+0PCRkSkwNP2NQjfhDm2NAFs6ISbmPtkC+KWdDpCf1MYyLvEEHyMauq
	madO9pvdgkoDgl5tcAdrDYAcP0V7w04IVf7sYBIjiyH9b5DqCZX9pMu8yaw2GHEy5YBjUO
	amvyRl7JZVVzxfQvhW+Jh30fm/mgUkgifrbxPebCGc7NITJYiCUQnxE21f4DIQa1F+2LqR
	QZJhMheC47Sz0qm3roF7kRbBKduuKd0Pk9EkgMIeHrgr2cO41XXWTnh8dKulNxREe2VPKv
	JBBPxBgrLU2yGbQzBpJXZllKqOkGsjBTbCAOTBWSgArKaARHehkv1+CmGp255Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1759250947; a=rsa-sha256; cv=none;
	b=XuTwN0NsihzEwwuF8sdhO+MJmeveZO6nRtDdwq4ZCJFjWTViqyxqaoql5apQr0ztVZqyQ+
	wz1KLTf9E3+hOm51J6ZY/vaPvCRpB4LW2F0bvKmOzl9ksNqxkIscsQMFZESP7GRgkdP7KL
	Df66SLl61hzhR5bsUlNIUdAhNuNgfvs3tmgQtskrkOwWKSiFY9cFNSZwhVArTGzutmcv3b
	BNKOc6hriQ+mqXP1fPT8MFIs4ezfq4eh6JUiaKEIJa1ov3OHkGdWp1cfuf9KRsrHNJglB6
	XdS9uWZoaJTF458kQaiwjA+LaWJjzUeKJBi9CAeWUN2ONEz6rIyw7shBdwd7bw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: by freefall.freebsd.org (Postfix, from userid 945)
	id 337791A2F6; Tue, 30 Sep 2025 16:49:07 +0000 (-00)
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Security Advisory FreeBSD-SA-25:08.openssl
Reply-To: freebsd-security@freebsd.org
Precedence: bulk
Message-Id: <20250930164907.337791A2F6@freefall.freebsd.org>
Date: Tue, 30 Sep 2025 16:49:07 +0000 (-00)
List-Id: Moderated Security Notifications [moderated, low volume] <freebsd-security-notifications.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-security-notifications
List-Help: <mailto:security-notifications+help@freebsd.org>
List-Post: <mailto:security-notifications@freebsd.org>
List-Subscribe: <mailto:security-notifications+subscribe@freebsd.org>
List-Unsubscribe: <mailto:security-notifications+unsubscribe@freebsd.org>
X-BeenThere: freebsd-security-notifications@freebsd.org
Sender: owner-freebsd-security-notifications@FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-25:08.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2025-09-30
Credits:        Stanislav Fort (Aisle Research)
Affects:        All supported versions of FreeBSD.
Corrected:      2025-09-30 15:26:14 UTC (stable/15, 15.0-ALPHA4)
                2025-09-30 15:28:38 UTC (stable/14, 14.3-STABLE)
                2025-09-30 15:37:16 UTC (releng/14.3, 14.3-RELEASE-p4)
                2025-09-30 15:37:25 UTC (releng/14.2, 14.2-RELEASE-p7)
                2025-09-30 15:30:02 UTC (stable/13, 13.5-STABLE)
                2025-09-30 15:37:35 UTC (releng/13.5, 13.5-RELEASE-p5)
CVE Name:       CVE-2025-9230, CVE-2025-9231, CVE-2025-9232

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol.  It is
also a general-purpose cryptography library.

II.  Problem Description

* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x

An application trying to decrypt cryptographic message syntax (CMS) messages
encrypted using password based encryption can trigger an out-of-bounds read
and write.

* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only

A timing side-channel which could potentially allow remote recovery of the
private key exists in the SM2 algorithm implementation on 64-bit ARM
platforms.

* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only

An application using the OpenSSL HTTP client API functions may trigger an
out-of-bounds read if the "no_proxy" environment variable is set and the host
portion of the authority component of the HTTP URL is an IPv6 address.

III. Impact

* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x

The out-of-bounds read may trigger a crash which leads to denial of service
for an application.  The out-of-bounds write can cause a memory corruption
which can have various consequences including a denial of service or
execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that an attacker would be able to
perform it is low.  Password based (PWRI) encryption support in CMS
messages is very rarely used.

* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only

A timing side-channel in SM2 signature computations on 64 bit ARM platforms
could allow recovering the private key by an attacker.

OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts.  However, it is possible to
add support for such certificates via a custom provider.

* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only

An out-of-bounds read can trigger a crash which leads to denial of service
for an application.

The OpenSSL HTTP client API functions can be used directly by applications
but they are also used by the OCSP client functions and CMP (Certificate
Management Protocol) client implementation in OpenSSL.  However the URLs used
by these implementations are unlikely to be controlled by an attacker.

In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be
passed from an application to the OpenSSL function and the user has to have
a "no_proxy" environment variable set.

IV.  Workaround

No workaround is available. Several of the issues have mitigating factors.
Please see the Impact section for more details.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 15.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch.asc
# gpg --verify openssl-15.patch.asc

[FreeBSD 14.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch.asc
# gpg --verify openssl-14.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch.asc
# gpg --verify openssl-13.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/15/                              4d6fd774b5b3    stable/15-n280387
stable/14/                              270158508d7c    stable/14-n272541
releng/14.3/                            75d258af9fe9  releng/14.3-n271446
releng/14.2/                            6a0d914d9c3e  releng/14.2-n269537
stable/13/                              c0dbaf2b5dbd    stable/13-n259448
releng/13.5/                            ae7c74cfa531  releng/13.5-n259178
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://openssl-library.org/news/secadv/20250930.txt>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9231>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:08.openssl.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjb+z4ACgkQbljekB8A
Gu8kgA//TsqChpypUuth9KRbWpU0noUkxkbIS1CI1YYRmZn6GF52YNhe9enKN4Gc
PeUSZOsfbABv0UGfUPbaD4VifGni/ss/bhSK5nzmfbOLDbnOX1oodLVNhspDjv9K
kJPz7C3zzUrNchCZzDRvrulMXeoYOKmqY/Mc0VViXqeg2k6IqXlCPm62jFc4Glpw
g0pvTyXNhbebuP/XGGYq4nQW2ZUX+Z6yvKqCn8d/7YHRRb48KP7c5LCryUU3UdQa
pjcHX0U8dYsJlQIqWH7HPn9RrWX87EN5v7csZN+fV030lgtnsTsFRK3TxrdTTvxt
JgyNQVXy/RTmd1tQLo1dVZRjdav5MBYVBxgmweL54VcPYngTZWjEY7HjUr0WWU32
1Fhf7Bs4q+vWalDkyA8nxyXPG4Lq018yRRxwKebsRy2fm5SqlJSK5g7TNRvo0QfM
LnfZItuya9flw6r3I9ypjKaY1WAz5Kzt83yr2be7GzLEDCuCd882JeYwmqyRnUKQ
+/IPbE7VM3oK7lzJfVuKyRxWPXWLxAaEDKNTafSNWfsz/TolyBxsF6obYaZOkw1C
mstsaaMnHdV9+GktwavCRVV6M0WK4o7xvn1nUSHPwKWpq4dfjH7syujeO483+pz3
tZoLEkWhaNn3KmIQKbl+t+CjzDRoshzZg6Xl1UVoZvrtOyX/IUY=
=nUv2
-----END PGP SIGNATURE-----