UBUNTU-CVE-2026-42769

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-42769
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42769.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-42769
Upstream
Downstream
Related
Published
2026-06-09T00:00:00Z
Modified
2026-06-12T09:12:23.145455271Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level. Impact Summary: The Registration Autority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate. One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type 'id-it-rootCaKeyUpdate'. As part of these messages, 'newWithOld' certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one. The 'id-it-rootCaKeyUpdate' messages are expected to be processed with OSSLCMPget1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld' certificate. A typo in the certificate chain building code led to adding an incorrect certificate ('newWithOld' instead of 'oldRoot') to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code). An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP clients would accept as a new trust anchor. Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity. The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

References

Affected packages

Ubuntu:Pro:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

12.*
12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3
12.22.9~dfsg-1ubuntu3.1
12.22.9~dfsg-1ubuntu3.2
12.22.9~dfsg-1ubuntu3.3
12.22.9~dfsg-1ubuntu3.4
12.22.9~dfsg-1ubuntu3.5
12.22.9~dfsg-1ubuntu3.6
12.22.9~dfsg-1ubuntu3.6+esm2

Ecosystem specific 

{
    "priority_reason": "OpenSSL developers have rated this as being low severity",
    "binaries": [
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2",
            "binary_name": "libnode72"
        },
        {
            "binary_name": "nodejs",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42769.json"

Ubuntu:25.10 / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2025.*
2025.02-3ubuntu2
2025.02-8
2025.02-8ubuntu1
2025.02-8ubuntu2
2025.02-8ubuntu3
2025.02-8ubuntu3.1

Ecosystem specific 

{
    "priority_reason": "OpenSSL developers have rated this as being low severity",
    "binaries": [
        {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "efi-shell-arm",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "efi-shell-ia32",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "efi-shell-loongarch64",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "efi-shell-x64",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "ovmf",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "ovmf-ia32",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_version": "2025.02-8ubuntu3.1",
            "binary_name": "ovmf-inteltdx"
        },
        {
            "binary_name": "ovmf-legacy",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "qemu-efi-loongarch64",
            "binary_version": "2025.02-8ubuntu3.1"
        },
        {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2025.02-8ubuntu3.1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42769.json"

Ubuntu:25.10 / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.3-1ubuntu3.4

Affected versions

3.*
3.4.1-1ubuntu3
3.5.0-2ubuntu1
3.5.2-1ubuntu1
3.5.3-1ubuntu2
3.5.3-1ubuntu3
3.5.3-1ubuntu3.3

Ecosystem specific 

{
    "priority_reason": "OpenSSL developers have rated this as being low severity",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libssl3t64",
            "binary_version": "3.5.3-1ubuntu3.4"
        },
        {
            "binary_version": "3.5.3-1ubuntu3.4",
            "binary_name": "openssl"
        },
        {
            "binary_name": "openssl-provider-legacy",
            "binary_version": "3.5.3-1ubuntu3.4"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42769.json"

Ubuntu:26.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2025.*
2025.02-8ubuntu3
2025.11-3ubuntu6
2025.11-3ubuntu7

Ecosystem specific 

{
    "priority_reason": "OpenSSL developers have rated this as being low severity",
    "binaries": [
        {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_version": "2025.11-3ubuntu7",
            "binary_name": "efi-shell-loongarch64"
        },
        {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_name": "efi-shell-x64",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_name": "ovmf",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_name": "ovmf-amdsev",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_version": "2025.11-3ubuntu7",
            "binary_name": "ovmf-generic"
        },
        {
            "binary_version": "2025.11-3ubuntu7",
            "binary_name": "ovmf-inteltdx"
        },
        {
            "binary_name": "ovmf-legacy",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_name": "qemu-efi-loongarch64",
            "binary_version": "2025.11-3ubuntu7"
        },
        {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2025.11-3ubuntu7"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42769.json"

Ubuntu:26.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.5-1ubuntu3.2

Affected versions

3.*
3.5.3-1ubuntu2
3.5.5-1ubuntu1
3.5.5-1ubuntu3

Ecosystem specific 

{
    "priority_reason": "OpenSSL developers have rated this as being low severity",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.5.5-1ubuntu3.2",
            "binary_name": "libssl3t64"
        },
        {
            "binary_version": "3.5.5-1ubuntu3.2",
            "binary_name": "openssl"
        },
        {
            "binary_name": "openssl-provider-legacy",
            "binary_version": "3.5.5-1ubuntu3.2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42769.json"