Wind River Support Network

HomeDefectsLIN1021-14630
Acknowledged

LIN1021-14630 : Security Advisory - mbedtls - CVE-2025-27810

Created: Mar 25, 2025    Updated: Jul 4, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

During the TLS handshake, the Finished message ensures that the handshake has not been tampered with by an active attacker. If a memory allocation fails or a cryptographic hardware driver returns an error at a specific point during the handshake, the Finished message will be incorrectly calculated to be the contents of uninitialized stack memory.

CREATE(Triage):(User=admin) CVE-2025-27810 (https://nvd.nist.gov/vuln/detail/CVE-2025-27810)
Live chat
Online