From: Daniel Kubec Date: Wed, 18 Mar 2026 10:27:52 +0000 (+0100) Subject: Out-of-bounds read in AES-CFB-128 on X86-64 with AVX-512 support X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7464ccdd43f600decd0af571556a1fc56ccd6419;p=thirdparty%2Fopenssl.git Out-of-bounds read in AES-CFB-128 on X86-64 with AVX-512 support The partial-block pre-processing code in ossl_aes_cfb128_vaes_enc and ossl_aes_cfb128_vaes_dec unconditionally loads 16 bytes from the input buffer using unmasked vmovdqu8 instructions, even when fewer bytes are valid. This can read 1–15 bytes beyond the provided buffer. The post-processing code in the same file correctly uses masked loads to avoid this issue. Fixes CVE-2026-28386 Co-Authored-by: Stanislav Fort Co-Authored-by: Pavel Kohout Co-Authored-by: Alex Gaynor Reviewed-by: Shane Lontis Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz MergeDate: Mon Apr 6 19:16:26 2026 --- diff --git a/crypto/aes/asm/aes-cfb-avx512.pl b/crypto/aes/asm/aes-cfb-avx512.pl index 8136f16e55b..01047a0d664 100644 --- a/crypto/aes/asm/aes-cfb-avx512.pl +++ b/crypto/aes/asm/aes-cfb-avx512.pl @@ -499,8 +499,8 @@ $code.=<<___; and \$0x0F,%al # wrap-around $num in a 16-byte block leaq ($num,$ivp),%r11 # process $left iv bytes - vmovdqu8 (%r11),%xmm0 - vmovdqu8 ($inp),%xmm1 # process $left input bytes + vmovdqu8 (%r11),%xmm0{%k1}{z} + vmovdqu8 ($inp),%xmm1{%k1}{z} # process $left input bytes vpxor %xmm0,%xmm1,%xmm2 # CipherFeedBack XOR vmovdqu8 %xmm2,($out){%k1} # write $left output bytes vmovdqu8 %xmm2,(%r11){%k1} # blend $left output bytes into iv 
@@ -753,8 +753,8 @@ $code.=<<___; and \$0x0F,%al # wrap-around in a 16-byte block leaq ($num,$ivp),%r11 # process $left iv bytes - vmovdqu8 (%r11),%xmm0 - vmovdqu8 ($inp),%xmm1 # process $left input bytes + vmovdqu8 (%r11),%xmm0{%k1}{z} + vmovdqu8 ($inp),%xmm1{%k1}{z} # process $left input bytes vpxor %xmm0,%xmm1,%xmm2 # CipherFeedBack XOR vmovdqu8 %xmm2,($out){%k1} # write $left output bytes vmovdqu8 %xmm1,(%r11){%k1} # blend $left input bytes into iv
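Review bot: (hunk at -499, encryption path) the commit message describes only the over-read of the input buffer, but the first load in this hunk, `vmovdqu8 (%r11),%xmm0` with `%r11 = $ivp + $num` and `$num` reduced to 0..15 by the `and \$0x0F,%al` two lines earlier, also fetched a full 16 bytes starting at an offset into the 16-byte IV, so it could over-read the IV buffer by the same 1 to 15 bytes; the `{%k1}{z}` form fixes both, and the message should say so. The change is correct only because %k1 already holds the $left-byte mask at this point, which the unchanged masked stores `($out){%k1}` and `(%r11){%k1}` immediately below confirm; zero-masking leaves the upper lanes of %xmm0 and %xmm1 as zero and every consumer of %xmm2 is masked by the same %k1, so the output is unchanged. Since the diff touches only the generator, a regression test that runs the enc path with 1 to 15 trailing bytes placed at the very end of an allocation under ASan or valgrind would guard against this coming back.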
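Review bot: (hunk at -753, decryption path) this is the same two-line fix applied to a second, near-verbatim copy of the partial-block preamble; the enc and dec versions differ only in the final store (`vmovdqu8 %xmm1,(%r11){%k1}` blends the input into the IV here, versus `%xmm2` in the enc path), so the sequence from the `and \$0x0F,%al` through the `vpxor` could be emitted by one Perl sub parameterised on that register, which would have made this a single fix and keeps the two copies from drifting again. The comment on the `and` line here (`wrap-around in a 16-byte block`) should also match the enc hunk's `wrap-around $num in a 16-byte block`, since it is the same operation. Note that in the dec path the masked load of %xmm1 matters twice: it is both the ciphertext operand of the XOR and the value fed back into the IV, and only the unchanged masked store keeps the zeroed upper lanes out of the IV.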