CVE-2019-12904

Priority
Description
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)
Notes
mdeslaur: as of 2019-10-29, upstream developers haven't determined if this
is an actual issue or not yet, see:
https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): deferred (2019-10-29)
Ubuntu 19.04 (Disco Dingo): deferred (2019-10-29)
Ubuntu 19.10 (Eoan Ermine): deferred (2019-10-29)
Ubuntu 20.04 (Focal Fossa): deferred (2019-10-29)
Patches:
Upstream: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
Upstream: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762

Updated: 2019-10-29 17:14:22 UTC (commit b5b269f6c58411b1b97f4e98320cb98c35ddcb92)