CVE-2025-27587

EUVD-2025-18430

16.06.2025, 22:15

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Debian Releases

Debian Product

Codename

openssl

bookworm	unimportant
bookworm (security)	unimportant
bullseye	unimportant
bullseye (security)	unimportant
forky	3.6.2-1 fixed
sid	3.6.2-1 fixed
trixie	3.5.6-1~deb13u1 fixed
trixie (security)	3.5.5-1~deb13u2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl1.0

bionic	not-affected
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

nodejs

bionic	ignored
focal	not-affected
jammy	ignored
noble	not-affected
oracular	not-affected
plucky	not-affected
questing	not-affected
trusty	not-affected
xenial	ignored

edk2

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
oracular	ignored
plucky	not-affected
questing	not-affected
xenial	not-affected

openssl

bionic	not-affected
focal	not-affected
jammy	ignored
noble	ignored
oracular	ignored
plucky	not-affected
questing	not-affected
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-3-devel

suse enterprise desktop 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.5.10.1 fixed

libopenssl-3-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.5.10.1 fixed

libopenssl-3-fips-provider-32bit

suse enterprise desktop 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.5.10.1 fixed

libopenssl3

suse enterprise desktop 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.5.10.1 fixed

libopenssl3-32bit

suse enterprise desktop 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.5.10.1 fixed

openssl-3

suse enterprise desktop 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.5.10.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.5.27.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.5.10.1 fixed

Common Weakness Enumeration

CWE-385 - Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

References

https://github.com/openssl/openssl/issues/24253

https://minerva.crocs.fi.muni.cz