Memory-cache side-channel attack in libgcrypt (Alpine package)

Risk: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2018-0495
CWE-ID: CWE-200
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: libgcrypt (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Memory-cache side-channel attack

EUVDB-ID: #VU13370

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-0495

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks.

Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libgcrypt (Alpine package): 1.7.9-r0
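The mitigation above is to install the vendor update, so the practical check is whether a host still carries the package version this bulletin lists. The following script is an added example written for this page; it is not code from the bulletin, from Alpine or from libgcrypt. It parses package lines in the `name-version` form printed by `apk info -v`, and treats any `libgcrypt` release at or below the listed 1.7.9-r0 as vulnerable. That "at or below" rule is an assumption for a conservative inventory check: the bulletin itself names only 1.7.9-r0, and the sample package list is constructed for the example.

```python
"""Flag an installed Alpine libgcrypt package that matches the version this
bulletin lists for CVE-2018-0495.

Added example, not code from the bulletin, Alpine or libgcrypt.
Assumptions:
  * package versions follow the Alpine form "X.Y.Z-rN";
  * any libgcrypt release at or below 1.7.9-r0 is treated as vulnerable
    (conservative; the bulletin lists only 1.7.9-r0 itself);
  * only the package named exactly "libgcrypt" is examined.
"""
import re
import sys
from typing import List, Tuple

# Version named by the bulletin under "Vulnerable software versions".
VULNERABLE_VERSION = "1.7.9-r0"
PACKAGE_NAME = "libgcrypt"

# "1.7.9-r0" -> upstream part "1.7.9", Alpine release number 0
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-r(\d+)$")
# "libgcrypt-dev-1.7.9-r0" -> name "libgcrypt-dev", version "1.7.9-r0"
# (the name is matched non-greedily, so hyphens inside the name are kept)
PACKAGE_LINE_RE = re.compile(r"^(?P<name>.+?)-(?P<ver>\d[^-]*-r\d+)$")


def parse_apk_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Turn "X.Y.Z-rN" into ((X, Y, Z), N) so tuples compare numerically."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Alpine version string: {version!r}")
    upstream = tuple(int(part) for part in m.group(1).split("."))
    return upstream, int(m.group(2))


def is_vulnerable(version: str, ceiling: str = VULNERABLE_VERSION) -> bool:
    """True when `version` is at or below the listed vulnerable version."""
    return parse_apk_version(version) <= parse_apk_version(ceiling)


def find_vulnerable_packages(apk_info_text: str) -> List[str]:
    """Return the `name-version` lines for libgcrypt that need the update."""
    hits = []
    for raw in apk_info_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PACKAGE_LINE_RE.match(line)
        if not m or m.group("name") != PACKAGE_NAME:
            continue
        if is_vulnerable(m.group("ver")):
            hits.append(line)
    return hits


# Constructed sample in the shape of `apk info -v` output; not real host data.
SAMPLE_APK_INFO = """\
busybox-1.28.4-r0
libgcrypt-1.7.9-r0
libgpg-error-1.31-r0
openssl-1.0.2p-r0
"""


def main() -> None:
    # Pipe real output in with `apk info -v | python3 check.py`; with no
    # piped input the constructed sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_APK_INFO
    hits = find_vulnerable_packages(text)
    if hits:
        print("update required (CVE-2018-0495):", ", ".join(hits))
    else:
        print("no vulnerable libgcrypt package found")


if __name__ == "__main__":
    main()
```

The comparison is a plain tuple comparison on the parsed numbers, so 1.7.9-r1 and 1.7.10-r0 both count as newer than 1.7.9-r0; strings would sort 1.7.10 before 1.7.9, which is the usual mistake in ad-hoc version checks.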

External links

https://git.alpinelinux.org/aports/commit/?id=237b184ab920ac272b958d7e5cfab67112bd00b7
https://git.alpinelinux.org/aports/commit/?id=5b4846da350aac758d8d91420167fd99e33bcdea
https://git.alpinelinux.org/aports/commit/?id=92381611d07c877dd1469e1f2f6cf5dd45b11730
https://git.alpinelinux.org/aports/commit/?id=25760a2a94cd003c6ae42b72c4701f96d4264027
https://git.alpinelinux.org/aports/commit/?id=a8d906fd888391043f72226d80ddaf247ef4ad9f
https://git.alpinelinux.org/aports/commit/?id=958b1aff2dc3a82a58d3dc52ded6988c0658547b
https://git.alpinelinux.org/aports/commit/?id=e0dc3d5bbfc8733822bc0291577475a768d84495
https://git.alpinelinux.org/aports/commit/?id=d59577c011626963a91f59d8cce9c55e72baf023
https://git.alpinelinux.org/aports/commit/?id=64003a818c75a368244e5123801eeae2c9289406


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
