CVE-2019-12904

Name
CVE-2019-12904
Description
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://dev.gnupg.org/T4541
Patch https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
Patch https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html
Mailing List https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnupg:libgcrypt:1.8.4:*:*:*:*:*:*:* libgcrypt == None == 1.8.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libgcrypt edge-main 1.8.4-r2 None fixed
libgcrypt 3.22-main 1.8.4-r2 None fixed
libgcrypt 3.21-main 1.8.4-r2 None fixed
libgcrypt 3.20-main 1.8.4-r2 None fixed
libgcrypt 3.19-main 1.8.4-r2 None fixed
libgcrypt 3.18-main 1.8.4-r2 None fixed
libgcrypt 3.17-main 1.8.4-r2 None fixed
libgcrypt 3.12-main 1.8.4-r2 None fixed
libgcrypt 3.11-main 1.8.4-r2 None fixed
libgcrypt 3.10-main 1.8.4-r2 None fixed