Tag: Intel IPP

CVE-2018-12155, INTEL-SA-00202: Intel Integrated Performance Primitives advisory

~ hucktech ~ Leave a comment

Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: MEDIUM
Original release: 12/05/2018

A potential security vulnerability in Intel® IPP may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Intel recommends that users of Intel® IPP update to 2019 update1 or later. Updates are available for download […]  Intel would like to thank an Wichelmann (Universität zu Lübeck), Ahmad Moghimi (Worcester Polytechnic Institute), Thomas Eisenbarth (Universität zu Lübeck) and Berk Sunar (Worcester Polytechnic Institute) for reporting this issue and working with us on coordinated disclosure.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12155

https://software.intel.com/en-us/intel-ipp

https://software.intel.com/en-us/ipp-dev-reference

Intel IPP crypto has RSA private key side-channel attack

~ hucktech ~ Leave a comment

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr

Intel has found an RSA private key vulnerability with their Intel Performance Primitives (Intel IPP).

A vulnerability in Intel Integrated Performance Primitives (IPP) Cryptography allows local users to recover the RSA private key via a potential side-channel.
Intel ID:      INTEL-SA-00060
Product family:      The cryptography (CP) domain in Intel® Integrated Performance Primitives (Intel® IPP)
Impact of vulnerability:      Information Disclosure
Severity rating:      Important
Original release:      Oct 04, 2016

The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP) v2017 has been enhanced to improve its security and customers are strongly urged to update to this release.  A potential side-channel vulnerability was identified in the Intel® Integrated Performance Primitives Cryptography which is bundled with Intel® IPP. The vulnerability allows an attacker to potentially recover enough information to retrieve a RSA private key. The root cause of the issue has been identified and mitigated in the latest release of IPP Cryptography. The CVSSv3 severity rating for this issue 7.1 (High). Intel has developed an update to the Intel® IPP Cryptography software and is making it available to customers. The mitigated versions are Intel® IPP Cryptography 2017 and 9.0.4. Users with licensed versions of IPP Cryptography can obtain the mitigated versions at this URL: <https://registrationcenter.intel.com/en/&gt;. Intel strongly recommends customers impacted by this issue to upgrade to the latest version listed in the table above. […]