Intel ID: INTEL-SA-00106
Product family: Intel® Integrated Performance Primitives
Impact of vulnerability: Information Disclosure
Severity rating: Moderate
Original release: 05/10/2018
Last revised: 05/10/2018

Summary:
Some implementations in Intel® Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time.
- 4.7 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:
Intel® Integrated Performance Primitives Cryptography Library before 2018 U2.1.

Recommendations:
Intel recommends that users of Intel® Integrated Performance Primitives Cryptography Library evaluate their implementations and update to IPP 2018 U2.1 as appropriate.

For the latest release: https://registrationcenter.intel.com...productid=2717

Acknowledgements:
Intel thanks Ahmad Moghimi, Thomas Eisenbarth, and Berk Sunar from Worcester Polytechnic Institute for reporting this issue.

Revision History

Revision Date Description
1.0 May 10, 2018 Initial Release

Source: INTEL-SA-00106