Severity | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE ID | CVE-2018-0737 |
CVSSv3 |
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] |
CWE ID |
CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Opensuse |
Vulnerable software versions |
Opensuse 15.0 |
Vendor URL | Novell |
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists in the RSA key generation algorithm's BN_mod_inverse() and BN_mod_exp_mont() functions due to a cache timing side channel attack. A local attacker can recover the private key.
Update the affected packages.
https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00009.html