Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0928 to
the following vulnerability:
Reference: MISC: http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
Reference: MISC: http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx
Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm
for certain signature calculations, and does not verify the signature
before providing it to a caller, which makes it easier for physically
proximate attackers to determine the private key via a modified supply
voltage for the microprocessor, related to a "fault-based attack."
CVE-2010-0928 describes a fault-based attack on OpenSSL where an attacker has precise control over the target system environment in order to be able to introduce faults through power supply manipulation.
The Red Hat Security Response Team has rated this issue as having low security impact, as the attack is not a viable threat to OpenSSL as used in Red Hat products.