Bugzilla – Full Text Bug Listing
Summary: VUL-0: CVE-2017-0379: libgcrypt: side channel attack on Curve25519
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Priority: P3 - Medium
CC: astieger, pmonrealgonzalez, smash_bz, vcizek
Whiteboard: CVSSv3:SUSE:CVE-2017-0379:3.7:(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSSv2:SUSE:CVE-2017-0379:1.2:(AV:L/AC:H/Au:N/C:P/I:N/A:N) CVSSv3:RedHat:CVE-2017-0379:4.4:(AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N) CVSSv2:NVD:CVE-2017-0379:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv3:NVD:CVE-2017-0379:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSSv3:UNK(Oracle):CVE-2017-0379:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Marketing QA Status: ---
IT Deployment: ---
Description Marcus Meissner 2017-08-27 20:02:21 UTC
Comment 1 Marcus Meissner 2017-08-28 07:14:57 UTC
Our code in ecc_decrypt_raw in SLE12:Update looks different, but we might just be missing some checks.
Comment 2 Andreas Stieger 2017-08-31 14:19:12 UTC
https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html

Noteworthy changes in version 1.8.1 (2017-08-27)
================================================

- Mitigate a local side-channel attack on Curve25519 dubbed "May the
  Fourth be With You". [CVE-2017-0379]

[...]

Noteworthy changes in version 1.7.9 (2017-08-27)
================================================

- Mitigate a local side-channel attack on Curve25519 dubbed "May the
  Fourth be With You". [CVE-2017-0379]
Comment 3 Andreas Stieger 2017-08-31 14:20:06 UTC
https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html

Comments on the vulnerability
=============================

Details on this attack can be found in the paper

  May the Fourth Be With You: A Microarchitectural Side Channel Attack
  on Real-World Applications of Curve25519
  by Daniel Genkin, Luke Valenta, and Yuval Yarom
  https://eprint.iacr.org/2017/806.

Note that this side-channel attack requires that the attacker can run
arbitrary software on the hardware where the private Curve25519
encryption key is used. In GnuPG a Curve25519 key used for encryption
is shown as "cv25519". Signature keys based on Curve25519 (in GnuPG
"ed25519") are not affected.

Allowing other users to run software on a machine with private keys
should be considered a full security compromise of that machine,
anyway. Thus in practice there are easier ways to access the private
keys than to mount this side-channel attack. However, on boxes with
virtual machines this attack may be used by one VM to steal private
keys from another VM.
Comment 4 Vítězslav Čížek 2017-11-20 16:28:38 UTC
Curve25519 was introduced in libgcrypt 1.7.0. (https://lists.gnu.org/archive/html/info-gnu/2016-04/msg00005.html) This affected only Factory before the update to 1.8.1. Reassigning to the security-team.
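An added triage helper, not part of this bug report or of libgcrypt, that turns the version facts gathered in comments 2 and 4 (Curve25519 present since 1.7.0; mitigation shipped in 1.7.9 and 1.8.1) into a check that can be run over version strings collected from hosts. It assumes that every branch newer than 1.8 was cut after the fix.

```python
# Added example (not from the bug report or libgcrypt): classify a libgcrypt
# version string against the CVE-2017-0379 facts stated in this bug:
#   - Curve25519 arrived in libgcrypt 1.7.0 (comment 4), so older releases
#     contain no vulnerable code path;
#   - 1.7.9 and 1.8.1 carry the mitigation (comment 2).
# Assumption: branches newer than 1.8 (1.9.x, 1.10.x, ...) were released
# after the fix and are therefore treated as fixed.
import re

CURVE25519_INTRODUCED = (1, 7, 0)
FIXED_BY_BRANCH = {(1, 7): (1, 7, 9), (1, 8): (1, 8, 1)}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '1.8.1',
    'libgcrypt 1.7.9' or '1.8.0-beta'; pre-release tags are ignored and a
    missing patch level is read as 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def cve_2017_0379_status(text):
    """Return 'not-affected', 'vulnerable' or 'fixed' for one version string."""
    v = parse_version(text)
    if v < CURVE25519_INTRODUCED:
        return "not-affected"      # no Curve25519 implementation before 1.7.0
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return "fixed" if v >= FIXED_BY_BRANCH[branch] else "vulnerable"
    return "fixed"                 # assumption: later branches include the fix


def triage(version_strings):
    """Map each collected version string to its status, e.g. for a host list."""
    return {s: cve_2017_0379_status(s) for s in version_strings}


if __name__ == "__main__":
    # Constructed sample input, as it might be gathered with `libgcrypt-config --version`.
    for item, status in triage(["1.6.5", "1.7.0", "1.7.9", "1.8.0", "1.8.1"]).items():
        print(item, status)
```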
Comment 5 Andreas Stieger 2017-11-20 16:32:58 UTC