Bug 1459887 (CVE-2017-9526) - libgcrypt: Possible timing attack on EdDSA session key
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: Red Hat Product Security
: Security
Depends On: 1459888 1459889 1459890
Reported: 2017-06-08 09:04 EDT by Adam Mariš
Modified: 2018-07-18 11:24 EDT (History)
Fixed In Version: libgcrypt 1.7.7
Description Adam Mariš 2017-06-08 09:04:25 EDT
An attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library.

Upstream fixes:

master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b

1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
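The description above says the fix works by steering the MPI library onto its constant-time point operations whenever the scalar is an EdDSA session key. The following is an added illustration of why that routing matters; it is not libgcrypt's code and does not reproduce the patch. It implements Ed25519 point arithmetic in affine coordinates with Python big integers and compares a branching double-and-add with a Montgomery ladder that uses a masked conditional swap: the operation sequence of the first depends on the bits of the scalar, the second performs the same sequence for every scalar. The scalars `k_sparse` and `k_dense` are constructed sample session keys, and because Python big-int arithmetic is itself not constant-time, the model only shows operation-sequence independence, not wall-clock timing.

```python
# Added illustration (not libgcrypt's code): scalar-multiplication routines whose
# operation sequence does or does not depend on the secret scalar. Ed25519 curve,
# affine coordinates, Python big ints; models control flow, not real timing.

P_MOD = 2**255 - 19                                        # field prime
D = (-121665 * pow(121666, P_MOD - 2, P_MOD)) % P_MOD      # curve constant d
L_ORDER = 2**252 + 27742317777372353535851937790883648493  # order of the base point
I_SQRT = pow(2, (P_MOD - 1) // 4, P_MOD)                   # sqrt(-1) mod p
IDENTITY = (0, 1)                                          # neutral element


def inv(x):
    """Modular inverse via Fermat (p is prime)."""
    return pow(x, P_MOD - 2, P_MOD)


def point_add(P, Q):
    """Complete twisted-Edwards addition (a = -1); doubling is point_add(P, P)."""
    x1, y1 = P
    x2, y2 = Q
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * inv(1 + t)
    y3 = (y1 * y2 + x1 * x2) * inv(1 - t)
    return (x3 % P_MOD, y3 % P_MOD)


def on_curve(P):
    """Check -x^2 + y^2 = 1 + d*x^2*y^2 (mod p)."""
    x, y = P
    return (-x * x + y * y - 1 - D * x * x * y * y) % P_MOD == 0


def x_recover(y):
    """Recover the even x for a given y, as the Ed25519 reference code does."""
    xx = (y * y - 1) * inv(D * y * y + 1)
    x = pow(xx, (P_MOD + 3) // 8, P_MOD)
    if (x * x - xx) % P_MOD != 0:
        x = (x * I_SQRT) % P_MOD
    if x % 2 != 0:
        x = P_MOD - x
    return x


BASE_Y = (4 * inv(5)) % P_MOD          # standard Ed25519 base point: y = 4/5
BASE = (x_recover(BASE_Y), BASE_Y)


def scalar_mult_branching(k, P):
    """Double-and-add: an 'add' happens only on set bits, so the trace leaks k."""
    trace = []
    Q = IDENTITY
    for i in range(k.bit_length() - 1, -1, -1):
        Q = point_add(Q, Q)
        trace.append("dbl")
        if (k >> i) & 1:           # branch on a secret bit
            Q = point_add(Q, P)
            trace.append("add")
    return Q, trace


def cswap(bit, P, Q):
    """Swap P and Q iff bit == 1, using a mask instead of a branch on bit."""
    mask = -bit                    # 0 -> 0, 1 -> all ones
    tx = mask & (P[0] ^ Q[0])
    ty = mask & (P[1] ^ Q[1])
    return (P[0] ^ tx, P[1] ^ ty), (Q[0] ^ tx, Q[1] ^ ty)


def scalar_mult_ladder(k, P, bits=256):
    """Montgomery ladder: one add and one double per bit position, whatever k is."""
    trace = []
    R0, R1 = IDENTITY, P
    for i in range(bits - 1, -1, -1):
        bit = (k >> i) & 1
        R0, R1 = cswap(bit, R0, R1)
        R1 = point_add(R0, R1)
        trace.append("add")
        R0 = point_add(R0, R0)
        trace.append("dbl")
        R0, R1 = cswap(bit, R0, R1)
    return R0, trace


if __name__ == "__main__":
    k_sparse = 1 << 200            # constructed session key with one set bit
    k_dense = (1 << 201) - 1       # constructed session key with 201 set bits
    _, t_branch_sparse = scalar_mult_branching(k_sparse, BASE)
    _, t_branch_dense = scalar_mult_branching(k_dense, BASE)
    _, t_ladder_sparse = scalar_mult_ladder(k_sparse, BASE)
    _, t_ladder_dense = scalar_mult_ladder(k_dense, BASE)
    print("double-and-add ops:", len(t_branch_sparse), len(t_branch_dense))
    print("ladder ops:        ", len(t_ladder_sparse), len(t_ladder_dense))
    print("L*B is identity:   ", scalar_mult_ladder(L_ORDER, BASE)[0] == IDENTITY)
```

The two routines return the same point, but only the ladder's trace is the same for both constructed keys. In a real library the remaining leakage sits below this level, in the field arithmetic and memory access pattern, which is why libgcrypt ties the choice of constant-time code to the secure-memory flag on the scalar rather than leaving it to the caller.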
Comment 1 Adam Mariš 2017-06-08 09:05:18 EDT
Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1459890]

Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1459888]
Affects: fedora-all [bug 1459889]
Comment 2 Adam Mariš 2017-06-08 09:08:01 EDT

This issue did not affect the versions of libgcrypt as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include support for the EdDSA cipher.
