Commit 980afc8

doc: releases: 4.2: add notes for mbedtls 3.6.4 update
Add release notes for mbedtls 3.6.4 update, including CVEs resolved with this release.

Signed-off-by: Daniel DeGrasse <ddegrasse@tenstorrent.com>
1 parent a07fef8 commit 980afc8

1 file changed

+19
-2
lines changed

doc/releases/release-notes-4.2.rst

Lines changed: 19 additions & 2 deletions
@@ -49,6 +49,20 @@ The following CVEs are addressed by this release:
4949
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/>`_
5050
* :cve:`2025-2962` `Infinite loop in dns_copy_qname
5151
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2qp5-c2vq-g2ww>`_
52+
* :cve:`2025-52496` `Race condition in AESNI support detection
53+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-1/>`_
54+
* :cve:`2025-52497` `Heap buffer under-read when parsing PEM-encrypted material
55+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-2/>`_
56+
* :cve:`2025-49600` `Unchecked return value in LMS verification allows signature bypass
57+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-3/>`_
58+
* :cve:`2025-49601` `Out-of-bounds read in mbedtls_lms_import_public_key()
59+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-4/>`_
60+
* :cve:`2025-49087` `Timing side-channel in block cipher decryption with PKCS#7 padding
61+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-5/>`_
62+
* :cve:`2025-48965` `NULL pointer dereference after using mbedtls_asn1_store_named_data()
63+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-6/>`_
64+
* :cve:`2025-47917` `Misleading memory management in mbedtls_x509_string_to_names()
65+
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-7/>`_
5266

5367
More detailed information can be found in:
5468
https://docs.zephyrproject.org/latest/security/vulnerabilities.html
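
Review bot: The seven entries added at new lines 52 to 65 follow the Mbed TLS advisory numbering (2025-06-1 through 2025-06-7), so the CVE ids run 52496, 52497, 49600, 49601, 49087, 48965, 47917, and they sit after the Zephyr advisory for :cve:`2025-2962` while the earlier Mbed TLS advisory link (2025-03-2) sits before it. Consider keeping the Mbed TLS entries together, or sorting the list by CVE id, so that someone checking whether a specific CVE is covered by 4.2 can find it without reading every item. Nothing in these entries says they are fixed by the Mbed TLS module update; a one-line lead-in or a reference to the "Updated Mbed TLS to version 3.6.4" bullet would make that traceable.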
@@ -1214,8 +1228,11 @@ Other notable changes
12141228
for New Design) and it is not supported anymore in the STM32CubeWBA from version 1.1.0 (July 2023).
12151229
The migration to :zephyr:board:`nucleo_wba55cg` (``nucleo_wba55cg``) is recommended instead.
12161230

1217-
* Updated Mbed TLS to version 3.6.3 (from 3.6.2). The release notes can be found at:
1218-
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
1231+
* Updated Mbed TLS to version 3.6.4 (from 3.6.2). Release notes for 3.6.3 and
1232+
3.6.4 can be found below:
1233+
1234+
* 3.6.3: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
1235+
* 3.6.4: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
12191236

12201237
* Updated TF-M to version 2.1.2 (from 2.1.1). The release notes can be found at:
12211238
https://trustedfirmware-m.readthedocs.io/en/tf-mv2.1.2/releases/2.1.2.html
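
Review bot: The rewritten bullet at new lines 1231 to 1235 links the 3.6.3 and 3.6.4 release notes but does not mention that this update is what resolves the Mbed TLS CVEs added to "The following CVEs are addressed by this release" earlier in the file. A short pointer back to that list would let a reader who starts from the module version find the security fixes it carries. As a wording point, "can be found below:" could be dropped in favour of a plain "Release notes:" since the two links follow immediately.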
