new file mode 100644
@@ -0,0 +1,38 @@
+From c3a892a972fd2476ec3588dfd12ce81be96bc64a Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 5 Aug 2025 18:42:31 +0200
+Subject: [PATCH] CVE-2025-8277: packet: Adjust packet filter to work when
+ DH-GEX is guessed wrongly
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 4310a696f2d632c6742678077d703d9b9ff3bc0e)
+(cherry picked from commit 87db2659ec608a977a63eea529f17b9168388d73)
+
+CVE: CVE-2025-8277
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=87db2659ec608a977a63eea529f17b9168388d73]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/packet.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/packet.c b/src/packet.c
+index f15aa2ad..f54b3158 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -294,6 +294,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
+ * or session_state == SSH_SESSION_STATE_INITIAL_KEX
+ * - dh_handshake_state == DH_STATE_INIT
+ * or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
++ * or dh_handshake_state == DH_STATE_REQUEST_SENT (dh-gex)
+ * or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
+ *
+ * Transitions:
+@@ -313,6 +314,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
+
+ if ((session->dh_handshake_state != DH_STATE_INIT) &&
+ (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
++ (session->dh_handshake_state != DH_STATE_REQUEST_SENT) &&
+ (session->dh_handshake_state != DH_STATE_FINISHED))
+ {
+ rc = SSH_PACKET_DENIED;
new file mode 100644
@@ -0,0 +1,110 @@
+From 5377fd08f2818799d3e6107078e2bdb9ec1f9529 Mon Sep 17 00:00:00 2001
+From: Francesco Rollo <eferollo@gmail.com>
+Date: Thu, 24 Jul 2025 16:30:07 +0300
+Subject: [PATCH] CVE-2025-8277: Fix memory leak of unused ephemeral key pair
+ after client's wrong KEX guess
+
+Signed-off-by: Francesco Rollo <eferollo@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit ccff22d3787c1355b3f0dcd09fe54d90acc55bf1)
+(cherry picked from commit 266174a6d36687b65cf90174f06af90b8b27c65f)
+
+CVE: CVE-2025-8277
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=266174a6d36687b65cf90174f06af90b8b27c65f]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/dh_crypto.c | 5 +++++
+ src/dh_key.c | 5 +++++
+ src/ecdh_crypto.c | 11 +++++++++++
+ src/ecdh_gcrypt.c | 6 ++++++
+ src/ecdh_mbedcrypto.c | 6 ++++++
+ 5 files changed, 33 insertions(+)
+
+diff --git a/src/dh_crypto.c b/src/dh_crypto.c
+index 4dd9b507..cedfbc81 100644
+--- a/src/dh_crypto.c
++++ b/src/dh_crypto.c
+@@ -407,6 +407,11 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
+ struct dh_ctx *ctx = NULL;
+ int rc;
+
++ /* Cleanup any previously allocated dh_ctx */
++ if (crypto->dh_ctx != NULL) {
++ ssh_dh_cleanup(crypto);
++ }
++
+ ctx = calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ return SSH_ERROR;
+diff --git a/src/dh_key.c b/src/dh_key.c
+index 20d24a31..d9743ceb 100644
+--- a/src/dh_key.c
++++ b/src/dh_key.c
+@@ -237,6 +237,11 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
+ struct dh_ctx *ctx = NULL;
+ int rc;
+
++ /* Cleanup any previously allocated dh_ctx */
++ if (crypto->dh_ctx != NULL) {
++ ssh_dh_cleanup(crypto);
++ }
++
+ ctx = calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ return SSH_ERROR;
+diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
+index 57c3dc89..a286804f 100644
+--- a/src/ecdh_crypto.c
++++ b/src/ecdh_crypto.c
+@@ -191,6 +191,17 @@ static ssh_string ssh_ecdh_generate(ssh_session session)
+ #endif /* OPENSSL_VERSION_NUMBER */
+ return NULL;
+ }
++
++ /* Free any previously allocated privkey */
++ if (session->next_crypto->ecdh_privkey != NULL) {
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++ EC_KEY_free(session->next_crypto->ecdh_privkey);
++#else
++ EVP_PKEY_free(session->next_crypto->ecdh_privkey);
++#endif
++ session->next_crypto->ecdh_privkey = NULL;
++ }
++
+ session->next_crypto->ecdh_privkey = key;
+ return pubkey_string;
+ }
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index a52ca84d..8eabfe18 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -101,6 +101,12 @@ int ssh_client_ecdh_init(ssh_session session)
+ goto out;
+ }
+
++ /* Free any previously allocated privkey */
++ if (session->next_crypto->ecdh_privkey != NULL) {
++ gcry_sexp_release(session->next_crypto->ecdh_privkey);
++ session->next_crypto->ecdh_privkey = NULL;
++ }
++
+ session->next_crypto->ecdh_privkey = key;
+ key = NULL;
+ session->next_crypto->ecdh_client_pubkey = client_pubkey;
+diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
+index 1d9c8f36..d31bfcc7 100644
+--- a/src/ecdh_mbedcrypto.c
++++ b/src/ecdh_mbedcrypto.c
+@@ -70,6 +70,12 @@ int ssh_client_ecdh_init(ssh_session session)
+ return SSH_ERROR;
+ }
+
++ /* Free any previously allocated privkey */
++ if (session->next_crypto->ecdh_privkey != NULL) {
++ mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
++ SAFE_FREE(session->next_crypto->ecdh_privkey);
++ }
++
+ session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
+ if (session->next_crypto->ecdh_privkey == NULL) {
+ return SSH_ERROR;
new file mode 100644
@@ -0,0 +1,46 @@
+From 14567df40173f55b791d3722bcdf4fadfa7c7699 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 6 Aug 2025 11:10:38 +0200
+Subject: [PATCH] CVE-2025-8277: ecdh: Free previously allocated pubkeys
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit c9d95ab0c7a52b231bcec09afbea71944ed0d852)
+(cherry picked from commit 8e4d67aa9eda455bfad9ac610e54b7a548d0aa08)
+
+CVE: CVE-2025-8277
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=8e4d67aa9eda455bfad9ac610e54b7a548d0aa08]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/ecdh_crypto.c | 1 +
+ src/ecdh_gcrypt.c | 3 ++-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
+index a286804f..fb707c32 100644
+--- a/src/ecdh_crypto.c
++++ b/src/ecdh_crypto.c
+@@ -230,6 +230,7 @@ int ssh_client_ecdh_init(ssh_session session)
+ return SSH_ERROR;
+ }
+
++ ssh_string_free(session->next_crypto->ecdh_client_pubkey);
+ session->next_crypto->ecdh_client_pubkey = client_pubkey;
+
+ /* register the packet callbacks */
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index 8eabfe18..5dcd3929 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -106,9 +106,10 @@ int ssh_client_ecdh_init(ssh_session session)
+ gcry_sexp_release(session->next_crypto->ecdh_privkey);
+ session->next_crypto->ecdh_privkey = NULL;
+ }
+-
+ session->next_crypto->ecdh_privkey = key;
+ key = NULL;
++
++ SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+ session->next_crypto->ecdh_client_pubkey = client_pubkey;
+ client_pubkey = NULL;
+
new file mode 100644
@@ -0,0 +1,46 @@
+From 0369e9049bc70ad054b826a844fd9eb19350f49c Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 6 Aug 2025 15:32:56 +0200
+Subject: [PATCH] CVE-2025-8277: mbedtls: Avoid leaking ecdh keys
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit ffed80f8c078122990a4eba2b275facd56dd43e0)
+(cherry picked from commit 1c763e29d138db87665e98983f468d2dd0f286c1)
+
+CVE: CVE-2025-8277
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=1c763e29d138db87665e98983f468d2dd0f286c1]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/ecdh_mbedcrypto.c | 1 +
+ src/wrapper.c | 5 ++++-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
+index d31bfcc7..860543d6 100644
+--- a/src/ecdh_mbedcrypto.c
++++ b/src/ecdh_mbedcrypto.c
+@@ -116,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session session)
+ goto out;
+ }
+
++ SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+ session->next_crypto->ecdh_client_pubkey = client_pubkey;
+ client_pubkey = NULL;
+
+diff --git a/src/wrapper.c b/src/wrapper.c
+index 8996b8ce..62513016 100644
+--- a/src/wrapper.c
++++ b/src/wrapper.c
+@@ -181,7 +181,10 @@ void crypto_free(struct ssh_crypto_struct *crypto)
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #elif defined HAVE_GCRYPT_ECC
+ gcry_sexp_release(crypto->ecdh_privkey);
+-#endif
++#elif defined HAVE_LIBMBEDCRYPTO
++ mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
++ SAFE_FREE(crypto->ecdh_privkey);
++#endif /* HAVE_LIBGCRYPT */
+ crypto->ecdh_privkey = NULL;
+ }
+ #endif
new file mode 100644
@@ -0,0 +1,47 @@
+From a1912d88cf40740f98656a288f8ec6f33369bcc3 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 6 Aug 2025 15:17:59 +0200
+Subject: [PATCH] CVE-2025-8114: Fix NULL pointer dereference after allocation
+ failure
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 53ac23ded4cb2c5463f6c4cd1525331bd578812d)
+(cherry picked from commit 65f363c9e3a22b90af7f74b5c439a133b1047379)
+
+CVE: CVE-2025-8114
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=65f363c9e3a22b90af7f74b5c439a133b1047379]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/kex.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/kex.c b/src/kex.c
+index bdfdcab4..29e43571 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -1487,6 +1487,8 @@ int ssh_make_sessionid(ssh_session session)
+ ssh_log_hexdump("hash buffer", ssh_buffer_get(buf), ssh_buffer_get_len(buf));
+ #endif
+
++ /* Set rc for the following switch statement in case we goto error. */
++ rc = SSH_ERROR;
+ switch (session->next_crypto->kex_type) {
+ case SSH_KEX_DH_GROUP1_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA1:
+@@ -1546,6 +1548,7 @@ int ssh_make_sessionid(ssh_session session)
+ session->next_crypto->secret_hash);
+ break;
+ }
++
+ /* During the first kex, secret hash and session ID are equal. However, after
+ * a key re-exchange, a new secret hash is calculated. This hash will not replace
+ * but complement existing session id.
+@@ -1554,6 +1557,7 @@ int ssh_make_sessionid(ssh_session session)
+ session->next_crypto->session_id = malloc(session->next_crypto->digest_len);
+ if (session->next_crypto->session_id == NULL) {
+ ssh_set_error_oom(session);
++ rc = SSH_ERROR;
+ goto error;
+ }
+ memcpy(session->next_crypto->session_id, session->next_crypto->secret_hash,
@@ -9,6 +9,11 @@ DEPENDS = "zlib openssl"
SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \
file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \
file://run-ptest \
+ file://0001-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch \
+ file://0002-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch \
+ file://0003-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch \
+ file://0004-CVE-2025-8277-mbedtls-Avoid-leaking-ecdh-keys.patch \
+ file://0005-CVE-2025-8114-Fix-NULL-pointer-dereference-after-all.patch \
"
SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch"
CVE: CVE-2025-8277 Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=87db2659ec608a977a63eea529f17b9168388d73] [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=266174a6d36687b65cf90174f06af90b8b27c65f] [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=8e4d67aa9eda455bfad9ac610e54b7a548d0aa08] [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=1c763e29d138db87665e98983f468d2dd0f286c1] CVE: CVE-2025-8114 Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.11.3&id=65f363c9e3a22b90af7f74b5c439a133b1047379] Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> --- ...cket-Adjust-packet-filter-to-work-wh.patch | 38 ++++++ ...x-memory-leak-of-unused-ephemeral-ke.patch | 110 ++++++++++++++++++ ...dh-Free-previously-allocated-pubkeys.patch | 46 ++++++++ ...8277-mbedtls-Avoid-leaking-ecdh-keys.patch | 46 ++++++++ ...x-NULL-pointer-dereference-after-all.patch | 47 ++++++++ .../recipes-support/libssh/libssh_0.11.2.bb | 5 + 6 files changed, 292 insertions(+) create mode 100644 meta-oe/recipes-support/libssh/libssh/0001-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch create mode 100644 meta-oe/recipes-support/libssh/libssh/0002-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch create mode 100644 meta-oe/recipes-support/libssh/libssh/0003-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch create mode 100644 meta-oe/recipes-support/libssh/libssh/0004-CVE-2025-8277-mbedtls-Avoid-leaking-ecdh-keys.patch create mode 100644 meta-oe/recipes-support/libssh/libssh/0005-CVE-2025-8114-Fix-NULL-pointer-dereference-after-all.patch