CVE-2021-45451: 
Mbed TLS vulnerability analysis and mitigation

CVE-2021-45451 affects Mbed TLS versions before 3.1.0. The vulnerability is related to the psaaeadgenerate_nonce function, which allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application (NVD, CVE). The vulnerability was disclosed on December 21, 2021.

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue is classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). The vulnerability specifically involves the psaaeadgenerate_nonce function reading back from the output buffer, which can lead to security implications when the buffer is in shared memory (NVD).

The vulnerability could potentially lead to policy bypass or enable oracle-based decryption attacks when the output buffer is located in memory areas that untrusted applications can access. This could result in unauthorized access to sensitive information or compromise of cryptographic operations (NVD).

The vulnerability has been fixed in Mbed TLS version 3.1.0. Users are advised to upgrade to this version or later. The fix involves modifying psaaeadgenerate_nonce to prevent reading back from the output buffer (GitHub Release). Various Linux distributions, including Fedora 36 and 37, have released security updates to address this vulnerability (Fedora Update 36, Fedora Update 37).