safe_pqc_kyber leaks parts of secret keys
On some platforms, when an attacker can time decapsulation, and in particular when the attacker can forge cipher texts, they can learn (parts of) the secret key. Does not apply to ephemeral usage, such as when used in the regular way in TLS.