Upstream information
Description
When sampling randomness for a shared secret, the implementations of Kyber and FrodoKEM did not check whether crypto/rand.Read() returns an error. In rare deployment cases (an error returned by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user-provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases returns the right number of random bytes. In the cases where it does not, or where the user provides a source that does not, the blinding for blindrsa is weak and the integrity of the plaintext is not ensured in tkn20.
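The flaw described above, reduced to its core, as an added illustration (not code from the affected library): the unchecked pattern returns an all-zero buffer when the source fails, while the hardened form uses io.ReadFull so that both an error and a short read abort the operation. The reader types and the secret length of 32 bytes are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// sampleSecretUnchecked reproduces the flawed pattern from the advisory: the
// byte count and error from Read are discarded, so when the source fails the
// buffer keeps its all-zero initial value and is used as if it were random.
func sampleSecretUnchecked(r io.Reader, n int) []byte {
	buf := make([]byte, n)
	_, _ = r.Read(buf) // result deliberately ignored to mirror the bug
	return buf
}

// sampleSecretChecked is the hardened form: io.ReadFull demands exactly n
// bytes, so a short read surfaces as io.ErrUnexpectedEOF (io.EOF if empty)
// and any source error aborts the operation instead of yielding zeros.
func sampleSecretChecked(r io.Reader, n int) ([]byte, error) {
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, fmt.Errorf("sampling %d random bytes: %w", n, err)
	}
	return buf, nil
}

// isAllZero reports whether b is entirely zero, the signature of a failed
// sample that the unchecked path silently returns.
func isAllZero(b []byte) bool {
	for _, x := range b {
		if x != 0 {
			return false
		}
	}
	return true
}

// failingReader is a constructed randomness source that always errors, standing
// in for the rare deployment failure the advisory describes.
type failingReader struct{}
func (failingReader) Read([]byte) (int, error) { return 0, errors.New("entropy unavailable") }

func main() {
	fmt.Println("unchecked, failing source gives zeros:", isAllZero(sampleSecretUnchecked(failingReader{}, 32)))
	_, err := sampleSecretChecked(io.LimitReader(rand.Reader, 16), 32) // source runs dry after 16 bytes
	fmt.Println("checked, short source:", err)
}
```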
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database

Metric | Value |
---|---|
Base Score | 5.3 |
Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | None |
User Interaction | Required |
Scope | Unchanged |
Confidentiality Impact | Low |
Integrity Impact | High |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2025:14663-1, published Sat Jan 18 18:49:59 2025
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed | | Patchnames: openSUSE-Tumbleweed-2025-14663 |
SUSE Timeline for this CVE
CVE page created: Wed May 10 16:00:45 2023
CVE page last modified: Sat Jan 18 19:45:31 2025