lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-04 03:22:10 +03:00
Code Activity

Update Marvin fix Changelog entry

Browse Source 
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath
2024-01-11 14:24:02 +00:00
parent 890c74447d
commit 0b39d1ed7d
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ChangeLog.d/fix-Marvin-attack.txt
View File

@@ -1,6 +1,8 @@
Security Security
* Fix a timing side channel in RSA private operations. This side channel * Fix a timing side channel in private key RSA operations. This side channel
could be sufficient for a local attacker to recover the plaintext. It could be sufficient for an attacker to recover the plaintext. A local
requires the attacker to send a large number of messages for decryption. attacker or a remote attacker who is close to the victim on the network
For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. might have precise enough timing measurements to exploit this. It requires
Reported by Hubert Kario, Red Hat. the attacker to send a large number of messages for decryption. For
details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
by Hubert Kario, Red Hat.