Are Red Hat products affected by the OpenSSL AES cache timing attack described in the paper "Wait a minute! A fast, Cross-VM attack on AES"?

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)
    • 6.x
    • 7.x
  • Red Hat Enterprise Linux OpenStack Platform
    • 3
    • 4
  • Red Hat Enterprise Virtualization (RHEV)
    • 3.x

Issue

A research paper was recently published, demonstrating a technique for recovering the full Advanced Encryption Standard (AES) key from a virtual machine (VM) running on the same physical hardware as an attacker's VM. The paper demonstrated this attack against the VMWare hypervisor, but it has since emerged that KVM hypervisors may also be affected.

The issue stems from an information leak in timing differences for access to the processor cache, making it possible for processes to determine information about the encryption keys for T table-based encryption algorithms. If Kernel Samepage Merging (KSM) is enabled, then it is possible for one VM to exploit this issue against another VM running on the same KVM hypervisor.

Resolution

The version of OpenSSL shipped with various Red Hat products is not affected by this issue.

It’s not clear from the research paper how the researchers were able to conduct the side channel attack. All evidence suggests that they ended up using the standard reference C implementation of AES instead of assembly modules which have mitigations in place. The researchers were contacted but did not respond to this point. Anyone using an OpenSSL binary they built themselves using the defaults, or precompiled as part of a Linux distribution should not be vulnerable to these attacks. For more details, please see "It’s all a question of time – AES timing attacks on OpenSSL" on the Red Hat security blog.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments