CVE-2019-12904
20.06.2019, 00:15
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attackEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnupg | libgcrypt | 1.8.4 |
| opensuse | leap | 15.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libgcrypt11 |
| ||||||||||||||||||||||
| libgcrypt20 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libgcrypt-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-hmac |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-hmac-32bit |
|
Common Weakness Enumeration
References