Bug 1777985 (CVE-2019-2894) - CVE-2019-2894 OpenJDK: Side-channel vulnerability in the ECDSA implementation (Security, 8228825)
Summary: CVE-2019-2894 OpenJDK: Side-channel vulnerability in the ECDSA implementation...
Alias: CVE-2019-2894
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Blocks: 1753424
TreeView+ depends on / blocked
Reported: 2019-11-28 21:42 UTC by Tomas Hoger
Modified: 2019-11-29 07:25 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-11-29 01:04:53 UTC

Attachments (Terms of Use)

Description Tomas Hoger 2019-11-28 21:42:38 UTC
A side-channel vulnerability was discovered in the ECDSA implementation in the Security component of OpenJDK.  This issue could possibly lead to a disclosure of the private key.

Further details can be found on pages of the Centre for Research on Cryptography and Security of Masaryk University in Brno (Czech republic):


The issue is branded as Minerva.

Patches applied to OpenJDK do not aim to address the problem in the EC implementation, but rather only disable affected EC curves in TLS by default.  Note that use cases where affected curves are re-enabled for use in TLS, or uses outside TLS would still be affected.

The following note regarding this issue was included in the Oracle Java SE release notes:

➜ Remove Obsolete NIST EC Curves from the Default TLS Algorithms

This change removes obsolete NIST EC curves from the default Named Groups used during TLS negotiation. The curves removed are sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, and secp256k1.

To re-enable these curves, use the jdk.tls.namedGroups system property. The property contains a comma-separated list within quotation marks of enabled named groups in preference order. For example:

java -Djdk.tls.namedGroups="secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1" ...

JDK-8228825 (not public)


The EC curves that were disabled via the patch for this issue were not enabled in OpenJDK builds as included in Red Hat products, and hence those OpenJDK builds were not affected.

Comment 1 Tomas Hoger 2019-11-28 21:43:30 UTC
Public via Oracle CPU October 2019:


Fixed in Oracle Java SE 13.0.1, 11.0.5, 8u231, and 7u241.

Comment 2 Product Security DevOps Team 2019-11-29 01:04:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Comment 3 Tomas Hoger 2019-11-29 07:25:49 UTC
OpenJDK-11 upstream commit:

OpenJDK-8 upstream commit:

Note You need to log in before you can comment on or make changes to this bug.