Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.
Created libgcrypt tracking bugs for this issue:
Affects: fedora-all [bug 1970098]
Created mingw-libgcrypt tracking bugs for this issue:
Affects: fedora-all [bug 1970097]
I do not see the patch from description  in 1.8.8 tarball downloaded from upstream website when I tried to update Fedora 33 (last not having the 1.9.3 version).
This is a side-channel attack on ElGamal encryption in libgcrypt, essentially because it lacks exponent blinding against mpi_powm.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4409 https://access.redhat.com/errata/RHSA-2021:4409
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):