{
  "threat_severity" : "Low",
  "public_date" : "2016-03-01T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenSSL: Side channel attack on modular exponentiation",
    "id" : "1310599",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1310599"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:P/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", "A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption could use this flaw to recover RSA private keys." ],
  "acknowledgement" : "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania), and Yuval Yarom (University of Adelaide and NICTA) as the original reporters.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-03-01T00:00:00Z",
    "advisory" : "RHSA-2016:0301",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "openssl-0:1.0.1e-42.el6_7.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-03-01T00:00:00Z",
    "advisory" : "RHSA-2016:0301",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "openssl-1:1.0.1e-51.el7_2.4"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2016-03-09T00:00:00Z",
    "advisory" : "RHSA-2016:0379",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor7-0:7.2-20160302.1.el6ev"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7",
    "release_date" : "2016-03-09T00:00:00Z",
    "advisory" : "RHSA-2016:0379",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "rhev-hypervisor7-0:7.2-20160302.1.el7ev"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2016-12-15T00:00:00Z",
    "advisory" : "RHSA-2016:2957",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "openssl097a",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "openssl098e",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "openssl098e",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.7",
    "fix_state" : "Affected",
    "package_name" : "guest-images",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 7.2",
    "fix_state" : "Affected",
    "package_name" : "rhel-guest-image",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.2"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 3",
    "fix_state" : "Affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-0702\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0702\nhttp://cachebleed.info/\nhttps://www.openssl.org/news/secadv/20160301.txt" ],
  "name" : "CVE-2016-0702",
  "csaw" : false
}