Flush-and-Reload Side-Channel Vulnerability in Libgcrypt 1.8.4 AES C Implementation

Flush-and-Reload Side-Channel Vulnerability in Libgcrypt 1.8.4 AES C Implementation

CVE-2019-12904 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack

Learn more about our Physical Security Assessment.