Kunpeng BoostKit 21.0.0.SPC1
OpenSSL CVE-2022-0778 Vulnerability

| Trouble Ticket No. | DTS: DTS2022031614710; Vulnerability ID: HWPSIRT-2022-46709 |
|---|---|
| Symptom | The product involves a security vulnerability in OpenSSL 1.0.1k. The external CVE number is CVE-2022-0778. The BN_mod_sqrt function of OpenSSL 1.1.1k has a bug, which may cause an infinite loop in non-prime number scenarios. |
| Severity | Minor |
| Root Cause | OpenSSL 1.1.1k used by the product has the CVE-2022-0778 vulnerability. |
| Solution | Use the OpenSSL software in which this vulnerability has been fixed. |
| Impact | None |
| Test Suggestion | Obtain the tag of OpenSSL 1.1.1k used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2022-0778 vulnerability, the vulnerability has been fixed. |

OpenSSL CVE-2021-4160 Vulnerability

| Trouble Ticket No. | DTS: DTS2022012903143; Vulnerability ID: HWPSIRT-2022-00229 |
|---|---|
| Symptom | The product involves a security vulnerability in OpenSSL 1.0.1k. The external CVE number is CVE-2021-4160. OpenSSL 1.1.1k enables assembly acceleration on the MIPS platform. When the square of a large number is calculated, a carry propagation error occurs. As a result, the algorithms that use the square of a large number are affected. OmniData 1.1.0 does not support the MIPS platform and is therefore not affected by this vulnerability. |
| Severity | Minor |
| Root Cause | OpenSSL 1.1.1k used by the product has the CVE-2021-4160 vulnerability. |
| Solution | Use the OpenSSL software in which this vulnerability has been fixed. |
| Impact | None |
| Test Suggestion | Obtain the tag of OpenSSL 1.1.1k used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2021-4160 vulnerability, the vulnerability has been fixed. |
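
The test suggestion in both tables, sketched as an added example (not part of the original release notes and not Huawei or OpenSSL tooling): it parses the CHANGES file from an OpenSSL source tree checked out at the build tag and reports which release section lists a CVE. The embedded excerpt is constructed and abbreviated, the section-header layout is assumed to be that of the 1.1.1 branch, and the function names are hypothetical.

```python
import re
import sys

# Constructed, abbreviated excerpt in the layout assumed for the 1.1.1 CHANGES file.
SAMPLE_CHANGES = """\
 Changes between 1.1.1m and 1.1.1n [15 Mar 2022]

  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
     forever for non-prime moduli.
     (CVE-2022-0778)

 Changes between 1.1.1l and 1.1.1m [14 Dec 2021]

  *) Constructed placeholder entry without a CVE reference.
"""

HEADER = re.compile(r"^\s*Changes between (\S+) and (\S+) \[[^\]]*\]\s*$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def cve_fix_map(changes_text):
    """Map each CVE ID to the oldest release section that mentions it.

    The file lists releases newest first, so a later match overwrites.
    """
    fixes, release = {}, None
    for line in changes_text.splitlines():
        header = HEADER.match(line)
        if header:
            release = header.group(2)  # the "to" version of the section
        elif release is not None:
            for cve in CVE_ID.findall(line):
                fixes[cve.upper()] = release
    return fixes


def check(changes_text, cve):
    """Return (listed, release): whether the tag's fix list contains the CVE."""
    release = cve_fix_map(changes_text).get(cve.upper())
    return release is not None, release


if __name__ == "__main__":
    # Usage: script.py [path/to/CHANGES]; falls back to the constructed sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_CHANGES
    for cve in ("CVE-2022-0778", "CVE-2021-4160"):
        listed, release = check(text, cve)
        print(cve, f"listed under {release}" if listed else "not listed in this file")
```

A result of "not listed" means only that the fix list being read does not name the CVE, as is the case for CVE-2021-4160 in the constructed excerpt.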