Merged
18 changes: 17 additions & 1 deletion doc/releases/release-notes-4.1.rst
Expand Up @@ -42,6 +42,21 @@ The following CVEs are addressed by this release:
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/>`_
* :cve:`2025-27810` `Potential authentication bypass in TLS handshake
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/>`_
* :cve:`2025-47917` `Misleading memory management in mbedtls_x509_string_to_names()
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-7/>`_
* :cve:`2025-48965` `NULL pointer dereference after using mbedtls_asn1_store_named_data()
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-6/>`_
* :cve:`2025-49087` `Timing side-channel in block cipher decryption with PKCS#7 padding
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-5/>`_
* :cve:`2025-49600` `Unchecked return value in LMS verification allows signature bypass
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-3/>`_
* :cve:`2025-49601` `Out-of-bounds read in mbedtls_lms_import_public_key()
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-4/>`_
* :cve:`2025-52496` `Race condition in AESNI support detection
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-1/>`_
* :cve:`2025-52497` `Heap buffer under-read when parsing PEM-encrypted material
<https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-2/>`_


More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html
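Review bot: The CVE-to-advisory pairing in the seven added entries needs a line-by-line check against the upstream advisories before merge. The CVE ids ascend from 2025-47917 to 2025-52497 while the advisory suffixes run 06-7, 06-6, 06-5, 06-3, 06-4, 06-1, 06-2, so a swapped link or title would not stand out in the list. Please confirm each title matches the advisory page it links to. Separately, these entries are only accurate if the `mbedtls` revision in west.yml really carries the 3.6.4 fixes, so the two changes should land together, as they do here.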
Expand All @@ -54,7 +69,8 @@ These GitHub issues were addressed since the previous 4.1.0 tagged release:
Mbed TLS
********

Mbed TLS was updated to version 3.6.3 (from 3.6.2). The release notes can be found at:
Mbed TLS was updated to version 3.6.4 (from 3.6.2). The release notes can be found at:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3

Mbed TLS 3.6 is an LTS release that will be supported
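Review bot: The sentence "The release notes can be found at:" is now followed by two bare URLs on consecutive lines, which reStructuredText will reflow into a single paragraph. A bullet list with one entry per release would render more clearly. The text also says the update is to 3.6.4 "(from 3.6.2)" while linking the 3.6.3 notes; a few words stating that the bump spans both upstream releases would explain why both links are present and make it easier for users to see which release fixed which of the CVEs listed above.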
2 changes: 1 addition & 1 deletion west.yml
Expand Up @@ -298,7 +298,7 @@ manifest:
revision: 1ed1ddd881c3784049a92bb9fe37c38c6c74d998
path: modules/lib/gui/lvgl
- name: mbedtls
revision: 5f889934359deccf421554c7045a8381ef75298f
revision: 85440ef5fffa95d0e9971e9163719189cf34d979
path: modules/crypto/mbedtls
groups:
- crypto
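Review bot: The new `revision` for `mbedtls` is a bare commit hash, and nothing in this hunk ties 85440ef5fffa95d0e9971e9163719189cf34d979 to the 3.6.4 version that the release notes now claim. Since this pin is what actually delivers the CVE fixes, please state in the commit message or PR description which upstream tag the commit corresponds to, and whether it carries any Zephyr-specific patches on top. That lets a reviewer check the pinned tree against the upstream mbedtls-3.6.4 tag rather than trusting the hash.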