| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2018-0737 |
| CVSSv3 |
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] |
| CWE ID |
CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Opensuse |
| Vulnerable software versions |
Opensuse 15.0 |
| Vendor URL | Novell |
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists in the RSA key generation algorithm's BN_mod_inverse() and BN_mod_exp_mont() functions due to a cache timing side channel attack. A local attacker can recover the private key.
Update the affected packages.
https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00009.html