GHSA-x5j2-g63m-f8g4: pqc_kyber KyberSlash: division timings depending on secrets
Various Kyber software libraries in various environments leak secret information into timing, specifically because
- these libraries include a line of code that divides a secret numerator by a public denominator,
- the number of CPU cycles for division in various environments varies depending on the inputs to the division, and
- this variation appears within the range of numerators used in these libraries.
The KyberSlash pages track which Kyber libraries have this issue, and include a FAQ about the issue.
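The sketch below is an added example, not code from pqc_kyber or any other library named here. It assumes the division in question is the Kyber rounding step that maps a secret coefficient to a message bit, with public modulus q = 3329, and it sets the division form beside a division-free multiply-and-shift form. The function names are hypothetical.

```rust
// Added illustration; names are hypothetical and not pqc_kyber's API.
const KYBER_Q: u32 = 3329; // public Kyber modulus (the denominator)
const RECIP: u32 = 80635; // floor(2^28 / 3329), precomputed reciprocal

/// Division form: the secret coefficient `t` (0 <= t < q) feeds the numerator.
/// Where the compiler emits a hardware divide instruction, its cycle count
/// can depend on the numerator, which is the leak the advisory describes.
pub fn msg_bit_div(t: u16) -> u32 {
    ((((t as u32) << 1) + KYBER_Q / 2) / KYBER_Q) & 1
}

/// Division-free form: multiply by the reciprocal and shift right by 28.
/// The offset is 1665 rather than q/2 = 1664 because RECIP slightly
/// underestimates 2^28 / q, so exact multiples of q round down by one.
pub fn msg_bit_mul(t: u16) -> u32 {
    let mut x = (t as u32) << 1;
    x += 1665;
    x *= RECIP; // at most 8321 * 80635, which fits in u32
    x >>= 28;
    x & 1
}

/// Exhaustively compare both forms over every valid coefficient value.
/// Returns the number of inputs on which they disagree.
pub fn mismatches() -> usize {
    (0..KYBER_Q as u16)
        .filter(|&t| msg_bit_div(t) != msg_bit_mul(t))
        .count()
}

fn main() {
    // The range is small enough to check completely rather than sample.
    println!("mismatches over 0..{}: {}", KYBER_Q, mismatches());
    // Boundary cases around the rounding thresholds.
    for t in [0u16, 832, 833, 2496, 2497, 3328] {
        println!("t={:4} div={} mul={}", t, msg_bit_div(t), msg_bit_mul(t));
    }
}
```

Agreement of the two functions only shows functional equivalence; whether a given build is free of variable-time instructions still has to be confirmed on the compiled output for each target and optimization level.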