Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-22866

Опубликовано: 06 фев. 2025
Источник: debian

Описание

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.24fixed1.24~rc3-1package
golang-1.23fixed1.23.6-1package
golang-1.22fixed1.22.12-1package
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15ignoredbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k

  • https://github.com/golang/go/issues/71383

  • https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)

  • https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)

  • https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)

Связанные уязвимости

ubuntu логотип

CVE-2025-22866

CVSS3: 4
ubuntu
12 месяцев назад

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

redhat логотип

CVE-2025-22866

CVSS3: 5.3
redhat
12 месяцев назад

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

nvd логотип

CVE-2025-22866

CVSS3: 4
nvd
12 месяцев назад

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

msrc логотип

CVE-2025-22866

CVSS3: 8.4
msrc
5 месяцев назад

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

suse-cvrf логотип

SUSE-SU-2025:0393-1

suse-cvrf
12 месяцев назад

Security update for go1.23