2344219 – (CVE-2025-22866) CVE-2025-22866 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

Bug 2344219 (CVE-2025-22866) - CVE-2025-22866 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

Summary: CVE-2025-22866 crypto/internal/nistec: golang: Timing sidechannel for P-256 o...

Keywords:
Status:	NEW
Alias:	CVE-2025-22866
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2350500 2344501 2344502 2344503 2344504
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-06 17:01 UTC by OSIDB Bzimport
Modified:	2025-04-15 17:24 UTC (History)
CC List:	140 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:3922	0	None	None	None	2025-04-15 17:24:41 UTC

Description OSIDB Bzimport 2025-02-06 17:01:18 UTC

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

Comment 4 Debarshi Ray 2025-03-06 14:54:35 UTC

After a little bit of Git archaeology, I found that this was fixed in Go 1.22.12 with:
https://github.com/golang/go/commit/0cc45e7ca668b103

... and in Go 1.23.5 with:
https://github.com/golang/go/commit/6644ed63b1e6ccc1

Comment 5 Debarshi Ray 2025-03-06 14:55:39 UTC

(In reply to Debarshi Ray from comment #4)
> ... and in Go 1.23.5 with:
> https://github.com/golang/go/commit/6644ed63b1e6ccc1

Sorry, this was 1.23.6.

Comment 8 errata-xmlrpc 2025-04-15 17:24:33 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.5 for RHEL 8

Via RHSA-2025:3922 https://access.redhat.com/errata/RHSA-2025:3922

Note You need to log in before you can comment on or make changes to this bug.

aazores
abrianik
adistefa
akostadi
alcohan
amasferr
amctagga
anjoseph
ansmith
aoconnor
asatyam
aveerama
bdettelb
bkabrda
bniver
brking
cbartlet
chazlett
ckandaga
cmah
danken
davidn
debarshir
dhanak
diagrawa
dmayorov
doconnor
dsimansk
dymurray
eaguilar
ebaron
eglynn
ehelms
fdeutsch
flucifre
ggainey
gkamathe
gmeno
gparvin
haoli
hkataria
ibolton
jaharrin
jajackso
jburrell
jcammara
jcantril
jeder
jforrest
jjoyce
jkoehler
jlledo
jmatthew
jmitchel
jmontleo
jneedle
jolong
jprabhak
jschluet
juwatts
jwendell
kegrant
kingland
koliveir
kshier
kverlaen
lball
lchilton
lgamliel
lhh
lphiri
lsvaty
mabashia
matzew
mbenjamin
mbocek
mburns
mgarciac
mhackett
mhulan
mkudlej
mmakovy
mnovotny
mrunge
mwringe
ngough
njean
nmoumoul
nobody
oramraz
owatkins
pahickey
parichar
pbraun
pcreech
peholase
pgaikwad
pgrist
pierdipi
pjindal
pvasanth
rcernich
rchan
relrod
rfreiman
rguimara
rhaigner
rhuss
rjohnson
rojacob
sabiswas
sakbas
saroy
sdawley
sfeifer
sfroberg
shvarugh
simaishi
skontopo
slucidi
smallamp
smcdonal
smullick
sostapov
sseago
stcannon
stirabos
tasato
teagle
tfister
thason
thavo
tjochec
vereddy
veshanka
vimartin
vkareh
whayutin
wtam
yguenane