Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-37880

June 10, 2024, 2:52 a.m.

Product(s) Impacted

Kyber reference implementation

  • before 9b8d306

Description

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.

Weaknesses

Date

Published: June 10, 2024, 2:15 a.m.

Last Modified: June 10, 2024, 2:52 a.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References