Bug 2097181 (AMD-SB-1038, CVE-2022-23823)

Summary: CVE-2022-23823 hw: cpu: cryptographic leaks via frequency scaling attacks(AMD)
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, ahanwate, bhu, brdeoliv, ddepaula, dhoward, dvlasenk, fhrbata, hkrzesin, jarod, jfaracco, jferlan, jforbes, joe.lawrence, jshortt, jstancek, kcarcia, kernel-mgr, lzampier, msiddiqu, nmurray, pdwyer, ptalbert, rvrbovsk, scweaver, walters, ymittal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-06-15 21:54:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2097185    

Description Sandipan Roy 2022-06-15 05:16:09 UTC 
https://www.hertzbleed.com/

Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.

Hertzbleed takes advantage of our experiments showing that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed. This means that, on modern processors, the same program can run at a different CPU frequency (and therefore take a different wall time) when computing, for example, 2022 + 23823 compared to 2022 + 24436.

Hertzbleed is a real, and practical, threat to the security of cryptographic software. We have demonstrated how a clever attacker can use a novel chosen-ciphertext attack against SIKE to perform full key extraction via remote timing, despite SIKE being implemented as “constant time”.
Research Paper

AMD’s security advisory states that several of their desktop, mobile and server processors are affected. We experimentally confirmed that AMD Ryzen processors are affected, including desktop and laptop models from the Zen 2 and Zen 3 microarchitectures.

Yes, for full reproducibility. You can find the source code of all the experiments from our paper at the link: https://github.com/FPSG-UIUC/hertzbleed
Comment 2 Product Security DevOps Team 2022-06-15 21:54:45 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-23823