CVE-2024-36405
📋 TL;DR
A control-flow timing leak in liboqs' reference (non-vectorized) Kyber/ML-KEM key encapsulation code lets a local attacker recover the entire ML-KEM 512 secret key from end-to-end decapsulation timing measurements. The leak is not visible in the C source: Clang 15-18, at -Os, -O1 and some other optimization settings, compiles a constant-time masking operation into a secret-dependent branch. Affected are liboqs versions before 0.10.1 built with those compilers, and every application that links them. The outcome is complete compromise of the affected post-quantum key.
💻 Affected Systems
- liboqs
- applications using liboqs for post-quantum cryptography
📦 What is this software?
liboqs, from the Open Quantum Safe project: a C library providing implementations of post-quantum key encapsulation mechanisms (including Kyber/ML-KEM) and signature schemes, used directly by applications and through the project's OpenSSL provider and language wrappers.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of post-quantum cryptographic keys, enabling decryption of protected communications and impersonation of legitimate entities.
Likely Case
An attacker who can run code on the same host as a process that performs ML-KEM decapsulations with a vulnerable liboqs build can extract that process's secret key, compromising the confidentiality of its key exchanges and any authentication built on that key.
If Mitigated
With liboqs 0.10.1 or later (and dependents rebuilt against it) the reference code carries the patched constant-time construction and the timing leak is closed for the tested compiler configurations.
🎯 Exploit Status
A public proof-of-concept local attack on the reference implementation recovers the full ML-KEM 512 secret key in about 10 minutes from end-to-end decapsulation timings. It requires code execution co-resident with the victim process and the ability to trigger decapsulation of attacker-chosen ciphertexts while timing them; no remote variant is described in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.10.1
Vendor Advisory: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
Restart Required: Yes
Instructions:
1. Update liboqs to version 0.10.1 or later.
2. Recompile (or at least relink) any applications that statically embed or bundle liboqs; dynamically linked applications pick up the new shared library.
3. Restart affected services so the patched library is loaded.
🔧 Temporary Workarounds
Compiler configuration workaround
Build with compiler options that produce vectorized code, which did not exhibit the leak in the advisory's testing; the advisory is explicit that this is not guaranteed. The leak was confirmed with Clang 15-18 at -Os and -O1 and was also observed with other options, so do not treat -O2 or -O3 as safe on their own: inspect the generated object code for the decapsulation path (a conditional branch on a message or secret-derived value) before relying on any flag change.
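To make the compiler issue concrete, here is an added example (my code, not liboqs' or pq-crystals' own, and not a line-for-line copy of the patched function) modelled on the idiom in the reference implementation's message-to-polynomial encoding that the poly.c reference above points at. `frommsg_mask` is the 0/-1 mask-and-constant form that Clang 15-18 may lower to a branch; `frommsg_cmov` is the style of fix upstream applied, a conditional move routed through an empty inline-asm value barrier so the optimiser cannot specialise on the mask. The function names, the barrier helper and the 32-byte sample message are constructed for illustration.

```c
/* Added example: mask idiom vs. value-barrier cmov (not liboqs code). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define KYBER_Q 3329   /* Kyber/ML-KEM modulus q */
#define KYBER_N 256    /* polynomial degree n */

/* Pattern A: 0/-1 mask AND constant. Constant time as written, but the
 * compiler can see mask is in {0,-1} and is free to emit a conditional
 * branch instead of the AND, which is the leak behind this CVE. */
static void frommsg_mask(int16_t r[KYBER_N], const uint8_t msg[KYBER_N / 8]) {
    for (size_t i = 0; i < KYBER_N / 8; i++) {
        for (unsigned j = 0; j < 8; j++) {
            int16_t mask = -(int16_t)((msg[i] >> j) & 1);
            r[8 * i + j] = mask & ((KYBER_Q + 1) / 2);
        }
    }
}

/* Optimisation barrier: an empty asm that claims to modify v hides its
 * value from the optimiser, so it can no longer specialise on v in {0,-1}.
 * (Hypothetical helper; liboqs has its own barrier macro.) */
static inline int16_t value_barrier_i16(int16_t v) {
#if defined(__GNUC__)
    __asm__ volatile("" : "+r"(v));
#endif
    return v;
}

/* Pattern B: branch-free conditional move through the barrier.
 * b must be 0 or 1; *r becomes v when b == 1, otherwise unchanged. */
static inline void cmov_i16(int16_t *r, int16_t v, uint16_t b) {
    uint16_t mask = (uint16_t)(-(int)b);                   /* 1 -> 0xFFFF, 0 -> 0 */
    *r ^= (int16_t)(value_barrier_i16((int16_t)mask) & (*r ^ v));
}

static void frommsg_cmov(int16_t r[KYBER_N], const uint8_t msg[KYBER_N / 8]) {
    for (size_t i = 0; i < KYBER_N / 8; i++) {
        for (unsigned j = 0; j < 8; j++) {
            r[8 * i + j] = 0;
            cmov_i16(&r[8 * i + j], (KYBER_Q + 1) / 2, (uint16_t)((msg[i] >> j) & 1));
        }
    }
}

/* Constructed 32-byte message for the demo (not a real Kyber message). */
const uint8_t sample_msg[KYBER_N / 8] = {
    0x01, 0x80, 0xFF, 0x00, 0xA5, 0x5A, 0x3C, 0xC3,
    0x01, 0x80, 0xFF, 0x00, 0xA5, 0x5A, 0x3C, 0xC3,
    0x01, 0x80, 0xFF, 0x00, 0xA5, 0x5A, 0x3C, 0xC3,
    0x01, 0x80, 0xFF, 0x00, 0xA5, 0x5A, 0x3C, 0xC3,
};

/* Returns 1 when both encodings agree and each coefficient is exactly
 * 0 or (q+1)/2 according to the corresponding message bit. */
int frommsg_variants_agree(const uint8_t msg[KYBER_N / 8]) {
    int16_t a[KYBER_N], b[KYBER_N];
    frommsg_mask(a, msg);
    frommsg_cmov(b, msg);
    for (size_t i = 0; i < KYBER_N; i++) {
        int bit = (msg[i / 8] >> (i % 8)) & 1;
        int16_t want = bit ? (KYBER_Q + 1) / 2 : 0;
        if (a[i] != want || b[i] != want) return 0;
    }
    return 1;
}

/* Number of coefficients equal to (q+1)/2, i.e. the popcount of msg. */
int count_set_coeffs(const uint8_t msg[KYBER_N / 8]) {
    int16_t r[KYBER_N];
    frommsg_cmov(r, msg);
    int n = 0;
    for (size_t i = 0; i < KYBER_N; i++) n += (r[i] == (KYBER_Q + 1) / 2);
    return n;
}

int main(void) {
    printf("variants agree: %d\n", frommsg_variants_agree(sample_msg));
    printf("coefficients set: %d\n", count_set_coeffs(sample_msg));
    return 0;
}
```

Both variants compute the same polynomial; the difference is only what the compiler is allowed to do with them. The barrier is a convention, not a proof, so the practical check is the same one the workaround above calls for: compile this file with the exact compiler and flags of your production build and run `objdump -d` on the object, looking for a conditional jump inside the inner loop of each function.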
🧯 If You Can't Patch
- Isolate systems using vulnerable liboqs versions from untrusted users and limit local access
- Consider using alternative post-quantum cryptographic implementations until patching is possible
🔍 How to Verify
Check if Vulnerable:
Determine the liboqs version and how it was built. A version below 0.10.1 whose Kyber/ML-KEM code was compiled with Clang 15-18 should be treated as vulnerable; -Os and -O1 are the confirmed settings, but the advisory also reports the leak under other options, so do not clear a build on optimization level alone. Builds with other compilers were not reported as affected, but the safe decision is still to upgrade.
Check Version:
Find which binaries load the library with `ldd <application> | grep liboqs`, then read the version from your package manager or build tree (for a source build, the configured `oqs/oqsconfig.h` header records the version string, and the CMake cache records the compiler and flags used). A linked program can also print the runtime library version through liboqs' `OQS_version()` API.
Verify Fix Applied:
Confirm the loaded liboqs is 0.10.1 or later (not just the installed package, since a statically linked or bundled copy may lag), that applications which embed liboqs were rebuilt against it, and that the services were restarted afterwards.
📡 Detection & Monitoring
Log Indicators:
- A timing attack leaves no cryptographic failure trail: ML-KEM decapsulation uses implicit rejection, so attacker-chosen ciphertexts do not produce decryption errors in application logs.
- Look instead for an abnormal volume of decapsulations driven by one local principal, for example thousands of KEM handshakes or key-unwrap calls from a single process within minutes.
Network Indicators:
- The proof of concept is local. If decapsulation can be triggered remotely, the equivalent signal is a sustained burst of handshakes from one peer reusing or slightly varying ciphertexts.
SIEM Query:
Correlate process telemetry for unexpected processes that repeatedly call into, or open many short-lived connections to, a liboqs-linked service on the same host, with audit events for high-resolution timer and performance-counter access by unprivileged users on that host.
🔗 References
- https://github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c#L166
- https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91
- https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
- https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c