[openssl-users] CVE-201-0737

Scott Neugroschl scott_n at xypro.com
Mon Apr 16 15:59:58 UTC 2018


I'm trying to make sure I have grokked this advisory properly.

The advisory says this is a cache timing side channel attack on key generation.   So am I correct in assuming that a potential attacker must

1) Already have access to the system
2) Have sufficient privilege to be able to access cache info

Or am I completely mistaken here?



Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

More information about the openssl-users mailing list