Date: Fri, 15 Jul 2022 11:23:13 GMT
<p>We discuss the CVE-2022-2274 OpenSSL Vulnerability.</p> <p>The OpenSSL 3.0.4 release introduced a serious bug in the RSA</p> <p>implementation for X86_64 CPUs supporting the AVX512IFMA instructions.</p> <p>This issue makes the RSA implementation with 2048 bit private keys</p> <p>incorrect on such machines and memory corruption will happen during</p> <p>the computation. As a consequence of the memory corruption an attacker</p> <p>may be able to trigger a remote code execution on the machine performing</p> <p>the computation.</p> <p>0:00 Intro</p> <p>1:00 CVE-2022-2274</p> <p>3:00 AVX512IFMA CISC</p> <p>5:00 How the bug works</p> <p>7:10 How can it be triggered</p> <p>Resources</p> <p>https://www.openssl.org/news/secadv/20220705.txt</p> <p>https://github.com/openssl/openssl/issues/18625</p> <p>https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/</p> <p>https://eprint.iacr.org/2018/335</p> <p>https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345</p> <p>https://linux.die.net/man/3/bn_internal</p> <p>https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html</p> <p>https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/</p> <p>Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon)</p> <p>https://network.husseinnasser.com</p>