openssl: fix CVE-2025-15468

To fix this issue, Add a NULL guard before dereferencing SSL_CIPHER. Backport patch from NVD report: https://nvd.nist.gov/vuln/detail/CVE-2025-15468 (From OE-Core rev: 4eb01c3d18dc268cc5aa03386247bf670075c88b) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-03-09 00:39:39 +01:00 · 2026-02-20 10:22:42 +05:30
parent fa64e0279b
commit dbdc8de0ef
2 changed files with 40 additions and 0 deletions
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch
@@ -0,0 +1,39 @@
+From 1f08e54bad32843044fe8a675948d65e3b4ece65 Mon Sep 17 00:00:00 2001
+From: Daniel Kubec <kubec@openssl.org>
+Date: Fri, 9 Jan 2026 14:33:24 +0100
+Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before
+ dereferencing SSL_CIPHER
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes CVE-2025-15468
+
+Reviewed-by: Saša Nedvědický <sashan@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+MergeDate: Mon Jan 26 19:36:04 2026
+(cherry picked from commit 293b55de0c434a99d0e744d0521170ca280606a9)
+
+CVE: CVE-2025-15468
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ ssl/quic/quic_impl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
+index 98b6a0a..4abde64 100644
+--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
+@@ -3646,6 +3646,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
+ {
+     const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+ 
+    if (ciph == NULL)
+        return NULL;
+     if ((ciph->algorithm2 & SSL_QUIC) == 0)
+         return NULL;
+ 
+-- 
+2.50.1
+
--- a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb
@@ -13,6 +13,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
           file://CVE-2024-41996.patch \
+           file://CVE-2025-15468.patch \
           "

 SRC_URI:append:class-nativesdk = " \