What is the severity of CVE-2015-5738?

CVE-2015-5738 is considered critical due to the potential exposure of private RSA keys through a side-channel attack.

How do I fix CVE-2015-5738?

To mitigate CVE-2015-5738, upgrade to a version of the Cavium Software Development Kit that is not vulnerable to the issue.

What systems are affected by CVE-2015-5738?

CVE-2015-5738 affects the Cavium Software Development Kit 2.x running on OCTEON II CN6xxx hardware, specifically in TLS implementations.

What type of attack is associated with CVE-2015-5738?

CVE-2015-5738 is associated with a Lenstra side-channel attack that can compromise private RSA keys.

Is CVE-2015-5738 relevant for all versions of the Marvell SDK?

No, CVE-2015-5738 specifically affects the Marvell Software Development Kit version 2.0.

Vulnerability/
CVE-2015-5738

high

7.5

CWE

200

26/7/2016

6/8/2024

CVE-2015-5738: Infoleak

First published: Tue Jul 26 2016(Updated: )

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Marvell Software Development Kit	=2.0
Marvell OCTEON II CN6000
Marvell OCTEON II cn6010
Marvell OCTEON II CN6020
F5 Traffix Systems Signaling Delivery Controller	>=3.3.2<=3.5.1
F5 Traffix Systems Signaling Delivery Controller	>=4.0.0<=4.4.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-5738?
CVE-2015-5738 is considered critical due to the potential exposure of private RSA keys through a side-channel attack.
How do I fix CVE-2015-5738?
To mitigate CVE-2015-5738, upgrade to a version of the Cavium Software Development Kit that is not vulnerable to the issue.
What systems are affected by CVE-2015-5738?
CVE-2015-5738 affects the Cavium Software Development Kit 2.x running on OCTEON II CN6xxx hardware, specifically in TLS implementations.
What type of attack is associated with CVE-2015-5738?
CVE-2015-5738 is associated with a Lenstra side-channel attack that can compromise private RSA keys.
Is CVE-2015-5738 relevant for all versions of the Marvell SDK?
No, CVE-2015-5738 specifically affects the Marvell Software Development Kit version 2.0.

agent/author
agent/type
agent/severity
agent/weakness
agent/references
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/marvell
canonical/marvell software development kit
version/marvell software development kit/2.0
canonical/marvell octeon ii cn6000
canonical/marvell octeon ii cn6010
canonical/marvell octeon ii cn6020
vendor/f5
canonical/f5 traffix systems signaling delivery controller
version/f5 traffix systems signaling delivery controller/3.3.2
version/f5 traffix systems signaling delivery controller/3.5.1
version/f5 traffix systems signaling delivery controller/4.0.0
version/f5 traffix systems signaling delivery controller/4.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.