CVE-2015-0837

EPSS 2.0%
In short

A timing vulnerability in the mpi_powm function allows attackers to infer sensitive cryptographic keys by measuring how long certain operations take. This side-channel attack exploits differences in CPU cache access patterns during modular exponentiation.

Technical detail

The mpi_powm function in Libgcrypt <1.6.3 and GnuPG <1.4.19 is vulnerable to a Last-Level Cache (LLC) side-channel attack during modular exponentiation. An attacker with local access who can measure memory access timings can infer private key bits from the cache hit/miss pattern produced when the exponentiation indexes its pre-computed lookup table with secret-dependent values. The vulnerability affects RSA and other operations relying on this function.

Summary generated and translated by AI from the official description.
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
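As an added illustration, not code from Libgcrypt or GnuPG: the secret-indexed table read that produces the leaky cache pattern described above, beside a constant-time selection that reads every table entry and picks the wanted one with a mask. TABLE_SIZE, LIMBS, mpi_t and the demo table values are constructed for this example and are not Libgcrypt types or sizes.

```c
#include <stdint.h>
#include <string.h>
/* Window width and limb count are constructed for illustration; the real
 * mpi_powm works on arbitrary-length MPIs with its own window size. */
#define TABLE_SIZE 16u   /* 2^4 entries for a 4-bit exponent window */
#define LIMBS      4
typedef struct { uint64_t limb[LIMBS]; } mpi_t;

/* Leaky pattern: the address read depends on the secret window value, so
 * the cache line that becomes hot reveals which table entry was used. */
static void lookup_secret_indexed(const mpi_t *table, unsigned idx, mpi_t *out)
{
    *out = table[idx];
}

/* Hardened pattern: read every entry and select the wanted one with a
 * data-independent mask, so the access sequence is identical for every idx. */
static void lookup_constant_time(const mpi_t *table, unsigned idx, mpi_t *out)
{
    memset(out, 0, sizeof *out);
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        uint64_t diff  = (uint64_t)(i ^ idx);         /* 0 only when i == idx */
        uint64_t is_eq = ((diff - 1) & ~diff) >> 63;  /* 1 iff diff == 0 */
        uint64_t mask  = 0 - is_eq;                   /* all ones or all zero */
        for (int l = 0; l < LIMBS; l++)
            out->limb[l] |= table[i].limb[l] & mask;
    }
}

/* Constructed demo table: entry i holds limbs 0x1000+i, 0x2000+i, ... */
static void fill_demo_table(mpi_t *table)
{
    for (unsigned i = 0; i < TABLE_SIZE; i++)
        for (int l = 0; l < LIMBS; l++)
            table[i].limb[l] = ((uint64_t)(l + 1) << 12) + i;
}

/* Returns 1 when the constant-time lookup yields the same entry as the
 * direct lookup for every possible window value, 0 otherwise. */
static int lookups_agree(void)
{
    mpi_t table[TABLE_SIZE], a, b;
    fill_demo_table(table);
    for (unsigned idx = 0; idx < TABLE_SIZE; idx++) {
        lookup_secret_indexed(table, idx, &a);
        lookup_constant_time(table, idx, &b);
        if (memcmp(&a, &b, sizeof a) != 0)
            return 0;
    }
    return 1;
}
```

The masked loop costs TABLE_SIZE reads per window instead of one, which is the price of making the access sequence independent of the exponent.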
