Bug 1226162 (CVE-2024-36405)

Summary: VUL-0: CVE-2024-36405: liboqs: control-flow timing leak in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 with certain compilation options
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Marcus Meissner <meissner>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: camila.matos
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/409908/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-36405:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-06-10 17:01:38 UTC 
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.

References:
https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36405
https://www.cve.org/CVERecord?id=CVE-2024-36405
https://github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c#L166
https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
Comment 2 OBSbugzilla Bot 2024-06-11 09:25:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1226162) was mentioned in
https://build.opensuse.org/request/show/1179955 Factory / liboqs