Acknowledged
Created: Mar 25, 2025
Updated: Jul 4, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
During the TLS handshake, the Finished message ensures that the handshake has not been tampered with by an active attacker. If a memory allocation fails or a cryptographic hardware driver returns an error at a specific point during the handshake, the Finished message will be incorrectly calculated to be the contents of uninitialized stack memory.
CREATE(Triage):(User=admin) CVE-2025-27810 (https://nvd.nist.gov/vuln/detail/CVE-2025-27810)