[openssl-users] CVE-201-0737

[Matt Caswell]

On 16/04/18 16:59, Scott Neugroschl wrote:
> Hi,
> 
> I'm trying to make sure I have grokked this advisory properly.
> 
> The advisory says this is a cache timing side channel attack on key generation.   So am I correct in assuming that a potential attacker must
> 
> 1) Already have access to the system
> 2) Have sufficient privilege to be able to access cache info

Correct.

Matt