CVE-2016-1000339 Information

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93bdiff-54656f860db94b867ba7542430cd2ef0 https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0diff-494fb066bed02aeb76b6c005632943f2 https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html https://security.netapp.com/advisory/ntap-20181127-0004/ https://usn.ubuntu.com/3727-1/ https://www.oracle.com/security-alerts/cpuoct2020.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3