Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Kyber reference implementation
- before 9b8d306
Source
cve@mitre.org
Tags
CVE-2024-37880 details
Published : June 10, 2024, 2:15 a.m.
Last Modified : June 10, 2024, 2:52 a.m.
Last Modified : June 10, 2024, 2:52 a.m.
Description
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://github.com/antoonpurnal/clangover | cve@mitre.org |
| https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c | cve@mitre.org |
| https://news.ycombinator.com/item?id=40577486 | cve@mitre.org |
| https://pqshield.com/pqshield-plugs-timing-leaks-in-kyber-ml-kem-to-improve-pqc-implementation-maturity/ | cve@mitre.org |
| https://twitter.com/purnaltoon/status/1797644696568959476 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.