PT-2013-1070 · Gnu+3 · Libgcrypt+4
Katrina Falkner +1 · Published 2013-08-03 · Updated 2024-06-15
CVE-2013-4242
CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
libgcrypt versions 1.4.4 through 1.4.5
libgcrypt-devel versions 1.4.4 through 1.4.5
libgcrypt-debuginfo versions 1.4.4 through 1.4.5
GnuPG versions prior to 1.4.14
Libgcrypt versions prior to 1.5.3
Description
The issue allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache. This can lead to a violation of confidentiality of protected information. The exploitation of the issue can be carried out locally.
Recommendations
For libgcrypt versions 1.4.4 through 1.4.5, consider updating to a fixed version, such as libgcrypt version 1.5.3 or later.
For libgcrypt-devel versions 1.4.4 through 1.4.5, consider updating to a fixed version, such as libgcrypt version 1.5.3 or later.
For libgcrypt-debuginfo versions 1.4.4 through 1.4.5, consider updating to a fixed version, such as libgcrypt version 1.5.3 or later.
For GnuPG versions prior to 1.4.14, consider updating to GnuPG version 1.4.14 or later.
For Libgcrypt versions prior to 1.5.3, consider updating to Libgcrypt version 1.5.3 or later.
As a temporary workaround, consider restricting access to sensitive information until a patch is available.
Fix
Information Disclosure
Affected Products
CentOS
GnuPG
Red Hat
SUSE
Libgcrypt