Add Changelog for the Marvin attack fix

Signed-off-by: Janos Follath <janos.follath@arm.com>
2025-07-13 09:01:48 +03:00 · 2023-11-21 09:57:27 +00:00
parent 6bcbc925bf
commit a865fc951e
1 changed files with 6 additions and 0 deletions
--- a/ChangeLog.d/fix-Marvin-attack.txt
+++ b/ChangeLog.d/fix-Marvin-attack.txt
@ -0,0 +1,6 @@
+Security
+   * Fix a timing side channel in RSA private operations. This side channel
+     could be sufficient for a local attacker to recover the plaintext. It
+     requires the attecker to send a large number of messages for decryption.
+     For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario.
+     Reported by Hubert Kario, Red Hat.