Description
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems with AVX-512 and VAES support can trigger an out-of-bounds read
of up to 15 bytes when processing partial cipher blocks.

Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application if the input buffer ends at a memory
page boundary and the following page is unmapped. There is no information
disclosure as the over-read bytes are not written to output.

The vulnerable code path is only reached when processing partial blocks
(when a previous call left an incomplete block and the current call provides
fewer bytes than needed to complete it). Additionally, the input buffer
must be positioned at a page boundary with the following page unmapped.
CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or
ChaCha20-Poly1305 instead. For these reasons the issue was assessed as
Low severity according to our Security Policy.

Only x86-64 systems with AVX-512 and VAES instruction support are affected.
Other architectures and systems without VAES support use different code
paths that are not affected.

OpenSSL FIPS module in 3.6 version is affected by this issue.
Published: 2026-04-07
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

This vulnerability is an out-of-bounds read in OpenSSL's AES-CFB128 implementation on x86-64 systems where the AVX-512/VAES code path is selected. When a call supplies fewer bytes than are needed to complete a block left incomplete by the previous call, the routine reads up to 15 bytes past the end of the supplied input buffer. If that buffer ends exactly at a page boundary and the following page is unmapped, the over-read touches an inaccessible address and the process dies with a segmentation fault, which is a denial of service. The over-read bytes are never written to the output, so there is no information disclosure.

Affected Systems

Affects OpenSSL builds that take the AVX-512/VAES accelerated AES-CFB128 path on x86-64 hosts, including the OpenSSL FIPS module version 3.6. The CPE recorded on this page (cpe:2.3:a:openssl:openssl:*) carries no version range, so the exact affected and fixed versions have to be taken from the OpenSSL advisory. Other architectures, and x86-64 systems without AVX-512 and VAES, use different code paths and are not affected. TLS and DTLS are not exposed because they do not use CFB mode (they use CBC, GCM, CCM or ChaCha20-Poly1305). The vulnerable path is reached only when a previous call left a partial block and the current call provides fewer bytes than needed to complete it, and the crash additionally requires the input buffer to end exactly at a page boundary with the following page unmapped.

Risk and Exploitability

The two CVSS 3.1 scores recorded on this page disagree. The 9.1 (Critical) score added on 2026-04-10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) claims network reachability and high confidentiality impact, which contradicts the advisory's statement that no information is disclosed. The 4.7 score in the History (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) matches the advisory's local, hard-to-trigger, availability-only impact, and both OpenSSL and Red Hat rate the issue Low. EPSS is below 1% and CISA has not added the CVE to its KEV catalog. Triggering the crash does not depend on the content of the ciphertext but on the calling pattern and the memory layout of the victim process: the application must process AES-CFB128 data in chunk sizes that leave a partial block pending across calls, and the short follow-up chunk must end exactly at a page boundary with the next page unmapped. Ordinary heap allocations rarely produce that layout, although mmap-backed buffers and guard-page allocators can. Because CFB mode is not used by TLS/DTLS and the outcome is a crash rather than memory disclosure, the practical risk to most deployments is modest, consistent with the vendor's Low rating.

Generated by OpenCVE AI on April 10, 2026 at 22:40 UTC.
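The trigger conditions the advisory describes (a partial block pending from a previous call, a second call too short to complete it, and an input buffer that ends exactly at a page boundary followed by an inaccessible page) can be reproduced against a model of the mode. The program below is an added example written for this page; it is not OpenSSL code and not OpenCVE's. The block cipher is a toy keyed permutation, not AES; `cfb_update_overread` only models the shape of the bug (a full 16-byte load on the partial-block path), since the page does not show OpenSSL's implementation; and all function names and sample inputs are constructed. It needs a POSIX system with `mmap`, `mprotect` and `sigaction`.

```c
/* Added model of the CVE-2026-28386 trigger conditions. Not OpenSSL code. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define BLOCK 16

typedef struct {
    uint8_t key[BLOCK];
    uint8_t iv[BLOCK]; /* CFB shift register; after a full block it holds that ciphertext block */
    uint8_t ks[BLOCK]; /* keystream for the block in progress */
    int num;           /* bytes of ks already consumed, 0..15 (OpenSSL keeps the same counter) */
} cfb128_ctx;

/* Toy keyed permutation standing in for AES. Deliberately NOT a real cipher. */
static void toy_block(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK])
{
    for (int i = 0; i < BLOCK; i++)
        out[i] = (uint8_t)(((in[i] ^ key[i]) * 167u + 89u) ^ in[(i + 7) % BLOCK]);
}

/* The advisory's condition: a block is pending and this call cannot complete it. */
static int cfb_call_hits_partial_path(int num, size_t len)
{
    return num != 0 && len < (size_t)(BLOCK - num);
}

/* Byte-at-a-time CFB128 encryption that never reads past in[len-1]. */
static void cfb_update_safe(cfb128_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (c->num == 0)
            toy_block(c->key, c->iv, c->ks);
        uint8_t ct = in[i] ^ c->ks[c->num];
        out[i] = ct;
        c->iv[c->num] = ct;
        c->num = (c->num + 1) % BLOCK;
    }
}

/* Same output when memory is readable, but on the partial-block path it loads a
 * whole 16-byte chunk regardless of len: up to 15 bytes past the input (modelled bug). */
static void cfb_update_overread(cfb128_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    if (cfb_call_hits_partial_path(c->num, len)) {
        uint8_t chunk[BLOCK];
        volatile const uint8_t *vin = in;   /* volatile: compiler must issue all 16 loads */
        for (int i = 0; i < BLOCK; i++)
            chunk[i] = vin[i];              /* bytes len..15 are outside the caller's buffer */
        cfb_update_safe(c, chunk, out, len); /* only the first len bytes reach the output */
        return;
    }
    cfb_update_safe(c, in, out, len);
}

static void init_ctx(cfb128_ctx *c)
{
    memset(c, 0, sizeof *c);
    for (int i = 0; i < BLOCK; i++) { c->key[i] = (uint8_t)(i * 7 + 1); c->iv[i] = (uint8_t)(0xA0 + i); }
}

/* With readable memory both routines agree: the extra bytes never reach the output. */
static int variants_agree(void)
{
    cfb128_ctx a, b;
    init_ctx(&a); init_ctx(&b);
    const uint8_t *msg = (const uint8_t *)"constructed sample plaintext, 40 bytes!!"; /* 40 bytes */
    const size_t lens[] = { 5, 3, 20, 12 };  /* constructed chunking; 5 then 3 hits the partial path */
    uint8_t out_a[40], out_b[40];
    size_t off = 0;
    for (size_t k = 0; k < 4; k++) {
        cfb_update_safe(&a, msg + off, out_a + off, lens[k]);
        cfb_update_overread(&b, msg + off, out_b + off, lens[k]);
        off += lens[k];
    }
    return memcmp(out_a, out_b, 40) == 0;
}

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Run the chosen routine on a 3-byte input ending exactly at a page boundary, with the next
 * page PROT_NONE (faults like an unmapped page). Returns 1 if it faulted, 0 if it completed. */
static int probe_page_boundary(int use_overread)
{
    long page = sysconf(_SC_PAGESIZE);
    uint8_t *region = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    if (mprotect(region + page, (size_t)page, PROT_NONE) != 0) { munmap(region, 2 * (size_t)page); return -1; }

    cfb128_ctx c; init_ctx(&c);
    uint8_t out[BLOCK];
    const uint8_t first[5] = { 'h', 'e', 'l', 'l', 'o' }; /* call 1: leaves num = 5, 11 bytes still needed */
    cfb_update_safe(&c, first, out, sizeof first);
    const size_t tail_len = 3;                            /* call 2: 3 < 11, partial-block path */
    uint8_t *tail = region + page - tail_len;             /* input ends at the page boundary */
    memcpy(tail, "xyz", tail_len);

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault; sigemptyset(&sa.sa_mask); sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv); sigaction(SIGBUS, &sa, &old_bus);
    volatile int faulted = 1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        if (use_overread) cfb_update_overread(&c, tail, out, tail_len);
        else              cfb_update_safe(&c, tail, out, tail_len);
        faulted = 0;
    }
    sigaction(SIGSEGV, &old_segv, NULL); sigaction(SIGBUS, &old_bus, NULL);
    munmap(region, 2 * (size_t)page);
    return faulted;
}

int main(void)
{
    printf("variants agree on readable memory: %d\n", variants_agree());
    printf("safe routine faulted at page boundary: %d\n", probe_page_boundary(0));
    printf("over-reading routine faulted at page boundary: %d\n", probe_page_boundary(1));
    return 0;
}
```

The same harness shows why whole-block chunking is a valid application-side workaround: when every call passes a multiple of 16 bytes, `num` never leaves 0 and `cfb_call_hits_partial_path` is never true, so the over-reading branch is unreachable whatever the buffer's position.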

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to an OpenSSL release that fixes this issue, including the FIPS module where it is deployed; this page does not record the fixed versions, so confirm them against the OpenSSL advisory for CVE-2026-28386. Until the upgrade is possible, note that the AVX-512/VAES path is hand-written assembly selected at run time from CPUID, not by compiler flags, so rebuilding with "-mno-avx512" does not disable it; instead mask the AVX-512/VAES capability bits with the OPENSSL_ia32cap environment variable (see the OPENSSL_ia32cap(3) manual page for the bit layout of each word), or build with the "no-asm" Configure option at a considerable performance cost. At the application level, only calls that leave a partial block pending across successive EVP_EncryptUpdate/EVP_DecryptUpdate calls and then supply fewer bytes than needed to complete it reach the vulnerable code, so feeding AES-CFB128 data in multiples of 16 bytes avoids it. Check exposure with "openssl version -a" and by looking for the avx512f and vaes flags in /proc/cpuinfo on Linux hosts.

Generated by OpenCVE AI on April 10, 2026 at 22:40 UTC.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}


Fri, 10 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-805
References
Metrics threat_severity

None

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Openssl
Openssl openssl
Vendors & Products Openssl
Openssl openssl

Tue, 07 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Description Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not written to output. The vulnerable code path is only reached when processing partial blocks (when a previous call left an incomplete block and the current call provides fewer bytes than needed to complete it). Additionally, the input buffer must be positioned at a page boundary with the following page unmapped. CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or ChaCha20-Poly1305 instead. For these reasons the issue was assessed as Low severity according to our Security Policy. Only x86-64 systems with AVX-512 and VAES instruction support are affected. Other architectures and systems without VAES support use different code paths that are not affected. OpenSSL FIPS module in 3.6 version is affected by this issue.
Title Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support
Weaknesses CWE-125
References

MITRE

Status: PUBLISHED

Assigner: openssl

Published:

Updated: 2026-04-10T20:16:08.389Z

Reserved: 2026-02-27T13:45:02.161Z

Link: CVE-2026-28386

Vulnrichment

Updated: 2026-04-10T20:16:01.884Z

NVD

Status : Analyzed

Published: 2026-04-07T22:16:20.513

Modified: 2026-04-24T18:28:21.313

Link: CVE-2026-28386

Red Hat

Severity : Low

Public Date: 2026-04-07T00:00:00Z

Links: CVE-2026-28386 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-13T14:26:18Z

Weaknesses