First published: Mon Jun 10 2024
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options: the compiler lowers code that is branch-free at the source level into a secret-dependent branch, so decapsulation time varies with secret data. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in about 10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information; however, relying on compiler options as a workaround is not reliable, because nothing guarantees that the same source stays branch-free under a different compiler version or flag set.
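The following is an added illustration, not liboqs or Kyber source code, of the kind of construction the advisory is about: a bit is expanded into an all-zeros/all-ones mask and ANDed with a constant so that no branch appears in the source, next to the same arithmetic with a compiler barrier on the mask. The function names, the `value_barrier_u32` helper, the `KYBER_N`/`KYBER_Q` constants and the sample message are assumptions made for this example; whether a given compiler actually emits a branch for the plain form can only be confirmed by inspecting the generated assembly (for example `objdump -d` on the object file), not from the C source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: 256 coefficients and the Kyber modulus, as in ML-KEM.
 * Names and structure are assumptions for illustration, not liboqs code. */
#define KYBER_N 256
#define KYBER_Q 3329

/* Branchless idiom: expand one bit into an all-zeros or all-ones 16-bit mask. */
static int16_t bit_to_mask(uint8_t bit)
{
    return (int16_t)(-(int16_t)(bit & 1));
}

/* Plain form. The source has no branch, but the compiler knows `mask` takes
 * only two values and is free to lower `mask & c` to "c if bit else 0" with
 * a conditional jump, which is the class of transformation the advisory
 * describes. Nothing in this function forbids that. */
void frommsg_plain(int16_t out[KYBER_N], const uint8_t msg[KYBER_N / 8])
{
    for (size_t i = 0; i < KYBER_N / 8; i++) {
        for (size_t j = 0; j < 8; j++) {
            int16_t mask = bit_to_mask((uint8_t)(msg[i] >> j));
            out[8 * i + j] = (int16_t)(mask & ((KYBER_Q + 1) / 2));
        }
    }
}

/* Barrier: an empty asm statement with the value as an in/out operand.
 * The compiler must assume the value may have changed, so it can no longer
 * specialise on the two possible masks. Assumption: GCC/Clang extended asm. */
static inline uint32_t value_barrier_u32(uint32_t v)
{
#if defined(__GNUC__) || defined(__clang__)
    __asm__ volatile("" : "+r"(v) : : "memory");
#else
    volatile uint32_t vv = v; /* weaker portable fallback */
    v = vv;
#endif
    return v;
}

/* Hardened form: identical arithmetic, but the mask passes through the
 * barrier before it is used in the AND. */
void frommsg_barrier(int16_t out[KYBER_N], const uint8_t msg[KYBER_N / 8])
{
    for (size_t i = 0; i < KYBER_N / 8; i++) {
        for (size_t j = 0; j < 8; j++) {
            uint32_t mask = (uint32_t)(uint16_t)bit_to_mask((uint8_t)(msg[i] >> j));
            mask = value_barrier_u32(mask);
            out[8 * i + j] = (int16_t)(mask & ((KYBER_Q + 1) / 2));
        }
    }
}

/* Functional check: the barrier must not change results. Returns 1 if both
 * variants produce the same coefficients for `msg`, 0 otherwise. */
int frommsg_variants_agree(const uint8_t msg[KYBER_N / 8])
{
    int16_t a[KYBER_N], b[KYBER_N];
    frommsg_plain(a, msg);
    frommsg_barrier(b, msg);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    /* Constructed sample message: 32 bytes, a few bit patterns, rest zero. */
    uint8_t msg[KYBER_N / 8] = { 0x01, 0x80, 0xFF, 0x00 };
    printf("variants agree: %d\n", frommsg_variants_agree(msg));
    return 0;
}
```

The barrier does not make the code faster or slower in a meaningful way; it only removes the compiler's knowledge that the mask is one of two constants, which is what lets it introduce a branch. The same pattern applies to any conditional-select written as `mask & x` or `(x & mask) | (y & ~mask)`.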
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| liboqs | <0.10.1 | Upgrade to liboqs 0.10.1 or later |
| Clang | >=15, <=18 | Listed as the compiler that triggers the leak; the fix is on the liboqs side |
CVE-2024-36405 is rated high severity: a control-flow timing leak in a key encapsulation mechanism exposes the long-term secret key, which is the worst outcome for such a primitive.
To fix CVE-2024-36405, update liboqs to version 0.10.1 or later. Merely avoiding `-Os` is not sufficient, since the advisory also lists `-O1` and other Clang 15-18 option combinations as affected; because the leak depends on what the compiler emits rather than on the source, upgrading is the only fix that does not require verifying the generated code.
CVE-2024-36405 affects deployments of liboqs before 0.10.1 whose Kyber / ML-KEM code was built with Clang 15 through 18. Builds with other compilers, or with options that happen to produce branch-free vectorized code, were not shown to leak, but that cannot be established from the C source alone.
The impact of CVE-2024-36405 is recovery of the ML-KEM secret key by a local attacker who can measure end-to-end decapsulation timing; the proof of concept recovers a full ML-KEM 512 key in roughly 10 minutes.
A patched release (0.10.1) is already available, so no workaround should be needed. Where a build cannot yet be upgraded, the only dependable interim measure is to avoid the affected Clang versions entirely; switching optimization flags may or may not remove the leak and must not be treated as a fix.