In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) External Reference: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html
Created libgcrypt tracking bugs for this issue: Affects: fedora-all [bug 1730321]
This seems more a theoretical attack possibility than and practical one. This seems to be the same opinion from upstream maintainers at https://dev.gnupg.org/T4541. Given that, the patches looks like much more a hardening. I'm closing this bug as WONTFIX for now.
Created mingw-libgcrypt tracking bugs for this issue: Affects: epel-7 [bug 1752913]
During governance (for flaws missing doctext), this CVE was encountered and listed on a customer portal[1] for no description available. Added appropriate doctext and statement. [1] https://access.redhat.com/security/security-updates/cve?q=No+description+is+available&p=1&sort=cve_publicDate+desc&rows=10&documentKind=Cve