Bug 1226162 (CVE-2024-36405) - VUL-0: CVE-2024-36405: liboqs: control-flow timing leak in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 with certain compilation options
Summary: VUL-0: CVE-2024-36405: liboqs: control-flow timing leak in the reference impl...
Status: NEW
Alias: CVE-2024-36405
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/409908/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-36405:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-06-10 17:01 UTC by SMASH SMASH
Modified: 2024-06-11 09:25 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-06-10 17:01:38 UTC
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information; however, relying on these compiler options as a workaround may not be reliable.

References:
https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36405
https://www.cve.org/CVERecord?id=CVE-2024-36405
https://github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c#L166
https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
Comment 2 OBSbugzilla Bot 2024-06-11 09:25:02 UTC
This is an autogenerated message for OBS integration:
This bug (1226162) was mentioned in
https://build.opensuse.org/request/show/1179955 Factory / liboqs