ipp-crypto@2021.5.2 vulnerabilities

Intel® Cryptography Primitives Library

  • latest version

    2025.1.0

  • latest non vulnerable version

  • first published

    4 years ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the ipp-crypto package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • L
    Information Exposure

    ipp-crypto is a library for Intel Integrated Performance Primitives Cryptography.

    Affected versions of this package are vulnerable to Information Exposure via Frequency Throttling Side-Channel attacks for ECB, CMAC and GCM AES modes. An attacker with low-level access who can execute repeated cryptographic operations on the affected system using the same key (i.e. without exceeding the configured time or volume threshold for refreshing the secret key) can extract potentially sensitive information from an unauthorized workload. A number of prerequisite conditions must be met for an attack to be practical. See "Frequency Throttling Side Channel Software Guidance for Cryptography Implementations" for more information.

    How to fix Information Exposure?

    Upgrade ipp-crypto to version 2021.7.0 or higher.

    Vulnerable Version: [,2021.7.0)