CVE-2017-5681

EPSS 1.4%
In short

A flaw in Intel's QuickAssist cryptography code allows attackers to steal RSA private keys by analyzing subtle timing differences during encryption operations. This breaks the security of encrypted communications that rely on RSA.

Technical detail

The RSA-CRT (Chinese Remainder Theorem) implementation in the Intel QAT Engine for OpenSSL, in versions prior to 0.5.19, is vulnerable to Lenstra side-channel attacks, enabling private key recovery through timing analysis. Remote attackers can exploit this vulnerability without authentication by observing cryptographic operation durations.

Summary generated and translated by AI from the official description.
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
