CVE-2023-6129: POLY1305 MAC implementation corrupts vector registers on PowerPC
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.
Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.
The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However
we are currently not aware of any concrete application that would be affected
by this issue therefore we consider this a Low severity security issue.
Security readout for executives and security teams
CVE-2023-6129 is an OpenSSL bug on newer PowerPC systems where a cryptographic routine can accidentally damage application state. A malicious TLS client may be able to trigger use of CHACHA20-POLY1305 if the server allows it. Expected outcomes are application-specific, most likely wrong calculations or a crash, with no confirmed affected application cited. Exposure is narrow: OpenSSL 3.0.0, 3.1.0, or 3.2.0 on newer PowerPC CPUs with vector instructions, especially TLS servers that enable CHACHA20-POLY1305. Non-PowerPC platforms are not identified as affected in the source bundle. Applications not using POLY1305 are less likely exposed. Treat this as targeted patching, not a broad emergency. Focus on PowerPC-based servers or products using OpenSSL with TLS. The risk is credible but narrow, and the available sources do not show active exploitation or named real-world compromised applications. Mitigation focus: Upgrade OpenSSL to a vendor-fixed release for the deployed branch.; Prioritize PowerPC systems using OpenSSL in TLS server roles.; Review whether CHACHA20-POLY1305 is enabled where PowerPC OpenSSL is deployed..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-440: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-440 · source CWE mapping
Expected Behavior Violation
Expected Behavior Violation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.