PT-2019-13013 · Gnu+2 · Libgcrypt+2

Published: 2019-06-19 · Updated: 2024-08-05 · CVE-2019-12904

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Libgcrypt version 1.8.4

Description

The C implementation of AES in Libgcrypt is susceptible to a flush-and-reload side-channel attack. This occurs because physical addresses are accessible to other processes, and the C implementation is used on platforms where an assembly-language implementation is not available. The vendor has stated that the issue report cannot be validated due to the lack of a described attack.

Recommendations

For Libgcrypt version 1.8.4, consider updating to a newer version that addresses the side-channel attack issue, as the current version's C implementation of AES poses a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2019-2588
ALT-PU-2020-1687
CVE-2019-12904
OPENSUSE-SU-2019:1792-1
OPENSUSE-SU-2019_1792-1
OPENSUSE-SU-2024:10941-1
SUSE-SU-2019:1859-1
SUSE-SU-2019:1971-1
SUSE-SU-2019_1859-1
SUSE-SU-2019_1971-1

Affected Products

Alt Linux
Libgcrypt
Suse