CVE-2024-1543

2024-08-2923:15:10

Debian Security Bug Tracker

security-tracker.debian.org

wolfssl

side-channel

protection

vulnerability

t-table

implementation

cache-line resolution

intel sgx

attack

unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

JSON

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500

OSVersionArchitecturePackageVersionFilename
Debian12allwolfssl<= 5.5.4-2+deb12u1wolfssl_5.5.4-2+deb12u1_all.deb
Debian11allwolfssl<= 4.6.0+p1-0+deb11u2wolfssl_4.6.0+p1-0+deb11u2_all.deb
Debian999allwolfssl< 5.6.6-1.2wolfssl_5.6.6-1.2_all.deb
Debian13allwolfssl< 5.6.6-1.2wolfssl_5.6.6-1.2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	wolfssl	<= 5.5.4-2+deb12u1	wolfssl_5.5.4-2+deb12u1_all.deb
Debian	11	all	wolfssl	<= 4.6.0+p1-0+deb11u2	wolfssl_4.6.0+p1-0+deb11u2_all.deb
Debian	999	all	wolfssl	< 5.6.6-1.2	wolfssl_5.6.6-1.2_all.deb
Debian	13	all	wolfssl	< 5.6.6-1.2	wolfssl_5.6.6-1.2_all.deb