CVE-2025-22866

EUVD-2025-3034
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
delve
RHEL 9
0:1.24.1-2.el9_5
fixed
go-toolset
RHEL 9
0:1.23.6-2.el9_5
fixed
golang
RHEL 9
0:1.23.6-2.el9_5
fixed
golang-bin
RHEL 9
0:1.23.6-2.el9_5
fixed
golang-docs
RHEL 9
0:1.23.6-2.el9_5
fixed
golang-misc
RHEL 9
0:1.23.6-2.el9_5
fixed
golang-race
RHEL 9
0:1.23.6-2.el9_5
fixed
golang-src
RHEL 9
0:1.23.6-2.el9_5
fixed
golang-tests
RHEL 9
0:1.23.6-2.el9_5
fixed
rhc
RHEL 9
1:0.2.6-3.el9_6
fixed
rhc-devel
RHEL 9
1:0.2.6-3.el9_6
fixed
References
https://go.dev/cl/643735
https://go.dev/issue/71383
https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k
https://pkg.go.dev/vuln/GO-2025-3447
https://security.netapp.com/advisory/ntap-20250221-0002/