Intel has found an RSA private key vulnerability with their Intel Performance Primitives (Intel IPP).
A vulnerability in Intel Integrated Performance Primitives (IPP) Cryptography allows local users to recover the RSA private key via a potential side-channel.
Intel ID: INTEL-SA-00060
Product family: The cryptography (CP) domain in Intel® Integrated Performance Primitives (Intel® IPP)
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: Oct 04, 2016
The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP) v2017 has been enhanced to improve its security and customers are strongly urged to update to this release. A potential side-channel vulnerability was identified in the Intel® Integrated Performance Primitives Cryptography which is bundled with Intel® IPP. The vulnerability allows an attacker to potentially recover enough information to retrieve a RSA private key. The root cause of the issue has been identified and mitigated in the latest release of IPP Cryptography. The CVSSv3 severity rating for this issue 7.1 (High). Intel has developed an update to the Intel® IPP Cryptography software and is making it available to customers. The mitigated versions are Intel® IPP Cryptography 2017 and 9.0.4. Users with licensed versions of IPP Cryptography can obtain the mitigated versions at this URL: <https://registrationcenter.intel.com/en/>. Intel strongly recommends customers impacted by this issue to upgrade to the latest version listed in the table above. […]