
CVE-2022-42961: n/a in n/a

Severity: Medium
Published: Sat Oct 15 2022 (10/15/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)

AI-Powered Analysis

Last updated: 07/06/2025, 15:27:25 UTC

Technical Analysis

CVE-2022-42961 is a medium-severity vulnerability affecting wolfSSL versions prior to 5.5.0. The issue arises because the system's DRAM is susceptible to fault injection via the Rowhammer technique. Rowhammer is a hardware-based attack that induces bit flips in DRAM cells by repeatedly accessing adjacent memory rows, potentially corrupting data that was never written to by the attacker. In this context, the fault injection targets the RAM while wolfSSL performs elliptic curve digital signature algorithm (ECDSA) signing operations.

The consequence is the generation of faulty ECC signatures that leak information about the private ECC key. An attacker who collects such faulty signatures can apply advanced cryptanalytic techniques to recover the private key used in signing. This is particularly critical for server-side TLS connections, where private ECC keys are used to authenticate the server and establish secure communications. The vulnerability does not require user interaction or privileges and can be exploited remotely if the attacker can induce Rowhammer faults on the target system's memory.

wolfSSL version 5.5.0 and later include a mitigation mechanism via the WOLFSSL_CHECK_SIG_FAULTS build option, which detects a faulty signature before it is released and prevents its use, thereby mitigating the risk of key leakage. The CVSS v3.1 score is 5.3 (medium), reflecting the vulnerability's network attack vector, low attack complexity, no privileges required, no user interaction, and limited confidentiality impact with no impact on integrity or availability.

Potential Impact

For European organizations, this vulnerability poses a risk to the confidentiality of ECC private keys used in TLS and other cryptographic operations relying on wolfSSL. Compromise of a private key can lead to man-in-the-middle attacks, decryption of sensitive communications, impersonation of servers, and broader trust violations in secure communications infrastructure. Sectors such as finance, healthcare, government, and critical infrastructure that rely on wolfSSL for embedded or IoT device security could be particularly affected. Given the hardware nature of the Rowhammer attack, exploitation may require physical proximity or the ability to run code on the target system, which limits widespread exploitation but remains a concern for cloud providers, managed service providers, and organizations using vulnerable embedded devices. The potential for key leakage undermines long-term confidentiality and could facilitate persistent threats if keys are not rotated promptly after compromise.

Mitigation Recommendations

European organizations should prioritize upgrading wolfSSL to version 5.5.0 or later, which includes the WOLFSSL_CHECK_SIG_FAULTS feature to detect and reject faulty signatures caused by fault injection. For systems where an immediate upgrade is not feasible, organizations should implement hardware-level mitigations against Rowhammer attacks, such as enabling error-correcting code (ECC) memory (unrelated to the elliptic-curve ECC keys at risk here), deploying increased DRAM refresh rates, or using hardware with built-in Rowhammer resistance. Additionally, organizations should enforce strict access controls to prevent untrusted code execution on systems performing ECC signing operations. Regular key rotation policies should be enforced to limit the exposure window of potentially compromised keys. Monitoring for anomalous signature patterns or cryptographic errors may help detect exploitation attempts. Finally, organizations should assess their use of wolfSSL in embedded or IoT devices and consider device replacement or firmware updates where possible.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-10-15T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aeca1f

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 3:27:25 PM

Last updated: 8/5/2025, 12:53:36 PM
