Description

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.

INFO

Published Date :

2024-06-10T00:00:00.000Z

Last Modified :

2024-08-02T03:57:39.987Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-37880 vulnerability.

Vendors Products
Pq-crystals
  • Kyber
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-37880.

URL Resource
https://github.com/antoonpurnal/clangover cve-icon cve-icon
https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c cve-icon cve-icon
https://news.ycombinator.com/item?id=40577486 cve-icon cve-icon
https://pqshield.com/pqshield-plugs-timing-leaks-in-kyber-ml-kem-to-improve-pqc-implementation-maturity/ cve-icon cve-icon
https://twitter.com/purnaltoon/status/1797644696568959476 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact