CVE-2016-0702
A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys.
Find out more about CVE-2016-0702 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:P/I:P/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Core Services 1 | RHSA-2016:2957 | 2016-12-15 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) | RHSA-2016:0379 | 2016-03-09 |
| Red Hat Enterprise Linux 7 (openssl) | RHSA-2016:0301 | 2016-03-01 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) | RHSA-2016:0379 | 2016-03-09 |
| Red Hat Enterprise Linux 6 (openssl) | RHSA-2016:0301 | 2016-03-01 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Web Server 3.0 | openssl | Will not fix |
| Red Hat JBoss EWS 2 | openssl | Not affected |
| Red Hat JBoss EAP 6 | openssl | Not affected |
| Red Hat Enterprise Linux Extended Update Support 7.2 | rhel-guest-image | Will not fix |
| Red Hat Enterprise Linux Extended Update Support 6.7 | guest-images | Will not fix |
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix |
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix |
| Red Hat Enterprise Linux 5 | openssl | Will not fix |
| Red Hat Enterprise Linux 5 | openssl097a | Will not fix |
| RHEV Manager 3 | rhev-hypervisor | Will not fix |