Vulnerability Description
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marvell | Software Development Kit | 2.0 |
| Marvell | Octeon Ii Cn6000 | - |
| Marvell | Octeon Ii Cn6010 | - |
| Marvell | Octeon Ii Cn6020 | - |
| F5 | Traffix Signaling Delivery Controller | >= 3.3.2, <= 3.5.1 |
Related Weaknesses (CWE)
References
- http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditionsBroken Link
- https://people.redhat.com/~fweimer/rsa-crt-leaks.pdfTechnical DescriptionThird Party Advisory
- https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.htmlThird Party Advisory
- http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditionsBroken Link
- https://people.redhat.com/~fweimer/rsa-crt-leaks.pdfTechnical DescriptionThird Party Advisory
- https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.htmlThird Party Advisory
FAQ
What is CVE-2015-5738?
CVE-2015-5738 is a vulnerability with a CVSS score of 7.5 (HIGH). The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remo...
How severe is CVE-2015-5738?
CVE-2015-5738 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5738?
Check the references section above for vendor advisories and patch information. Affected products include: Marvell Software Development Kit, Marvell Octeon Ii Cn6000, Marvell Octeon Ii Cn6010, Marvell Octeon Ii Cn6020, F5 Traffix Signaling Delivery Controller.