Merge pull request #1418 from mpg/ssbleed-mstep-changelog

[3.6] Add ChangeLog entry for SSBleed and M-Step
2026-03-20 19:21:09 +01:00 · 2025-09-04 14:51:24 +01:00
parent 210f8bc4d7 07cbb33e76
commit 89f7cdbbac
1 changed files with 12 additions and 0 deletions
--- a/ChangeLog.d/ssbleed-mstep.txt
+++ b/ChangeLog.d/ssbleed-mstep.txt
@@ -0,0 +1,12 @@
+Security
+   * Fix a local timing side-channel in modular inversion and GCD that was
+     exploitable in RSA key generation and other RSA operations (see the full
+     advisory for details), allowing a local attacker to fully recover the
+     private key. This can be exploited on some Arm-v9 CPUs by an unprivileged
+     attacker running code on the same core (SSBleed), or when Trustzone-M is
+     used, by the non-secure side abusing timer interrupts (M-Step), and
+     probably in other similar settings as well. Found and reported
+     independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E.
+     Carlson (National University of Singapore); M-Step: Cristiano Rodrigues
+     (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto
+     (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764