Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-37880

June 10, 2024, 2:52 a.m.

Tags

cve@mitre.org
2024-06-10
CVE-2024-37880

Product(s) Impacted

Kyber reference implementation

  • before 9b8d306

Description

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.

Weaknesses

Date

Published: June 10, 2024, 2:15 a.m.

Last Modified: June 10, 2024, 2:52 a.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://github.com/ cve@mitre.org
https://github.com/ cve@mitre.org
https://news.ycombinator.com/ cve@mitre.org
https://pqshield.com/ cve@mitre.org
https://twitter.com/ cve@mitre.org