PT-2016-3065 · Cavium · Cavium Software Development Kit

Published: 2016-07-26 · Updated: 2024-06-15 · CVE-2015-5738

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cavium Software Development Kit (SDK) versions 2.x

Description

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) lacks protection of service data. When the SDK is used on OCTEON II CN6xxx hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), this makes it easier for remote attackers to obtain private RSA keys by conducting a side-channel attack, specifically a Lenstra side-channel attack.

Recommendations

For Cavium Software Development Kit (SDK) versions 2.x, consider disabling the RSA-CRT implementation until a patch is available, to prevent remote attackers from obtaining private RSA keys. Restrict access to the TLS functionality with Perfect Forward Secrecy (PFS) to minimize the risk of exploitation. Avoid using the affected SDK version on OCTEON II CN6xxx hardware on Linux until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
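
Added example (not Cavium SDK code and not part of the advisory): a toy Python RSA-CRT signer showing the commonly used countermeasure of verifying a signature with the public exponent before releasing it. The key, the `fault` flag and all function names are constructed for illustration; the advisory does not say which countermeasure, if any, the vendor applies.

```python
from math import gcd

# Constructed toy key (far too small for real use): N = P*Q, E public, D private.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class FaultDetected(Exception):
    """Raised instead of releasing a signature that fails verification."""


def crt_sign(m, fault=False):
    """Plain RSA-CRT signing with no output check (the unprotected pattern)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp ^= 1  # hypothetical single-bit computation error in the mod-P half
    h = (QINV * (sp - sq)) % P
    return (sq + h * Q) % N  # Garner recombination


def crt_sign_checked(m, fault=False):
    """RSA-CRT signing that verifies with the public exponent before release."""
    s = crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        raise FaultDetected("signature failed self-check; not released")
    return s


def shared_factor(m, s):
    """Why the check matters: a faulty CRT signature shares a factor with N.

    Returns N for a correct signature and a prime factor of N for one that
    is wrong in exactly one CRT half.
    """
    return gcd((pow(s, E, N) - m) % N, N)
```

The self-check costs one public-exponent exponentiation per signature, which is small next to the private-key operation when `E` is 65537.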

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2017-00287
CVE-2015-5738
OPENSUSE-SU-2024:10037-1

Affected Products

Cavium Software Development Kit
Linux
OCTEON II CN6xxx