Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-5738

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

Published

2016-07-26T17:59:00.137

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	marvell	software_development_kit	2.0	Yes
Hardware	marvell	octeon_ii_cn6000	-	No
Hardware	marvell	octeon_ii_cn6010	-	No
Hardware	marvell	octeon_ii_cn6020	-	No
Application	f5	traffix_signaling_delivery_controller	≤ 3.5.1	Yes
Application	f5	traffix_signaling_delivery_controller	≤ 4.4.0	Yes

References

http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions Broken Link ([email protected])
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf Technical Description, Third Party Advisory ([email protected])
https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html Third Party Advisory ([email protected])
http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)