CVE-2019-12904
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-12904
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12904.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-12904
- Downstream
- Related
- Published
- 2019-06-20T00:15:10Z
- Modified
- 2025-09-30T02:03:17.796517Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
- Database specific
{ "isDisputed": true }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html
- https://dev.gnupg.org/T4541
- https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
- https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Affected packages
Git / git.gnupg.org/libgcrypt.git
Affected ranges
- Type
- GIT
- Repo
- git://git.gnupg.org/libgcrypt.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/gpg/libgcrypt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.6.0
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2
libgcrypt-1.7.3
libgcrypt-1.8.0
libgcrypt-1.8.1
libgcrypt-1.8.2
libgcrypt-1.8.3
libgcrypt-1.8.4
libgcrypt-1.9-base
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
"digest": {
"function_hash": "50530042207270560670037358667351096797",
"length": 454.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-59129954",
"signature_version": "v1",
"target": {
"file": "cipher/cipher-gcm.c",
"function": "prefetch_table"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"function_hash": "249305475008274481741661015200949864278",
"length": 437.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-5fbdd5d4",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael.c",
"function": "prefetch_table"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
"digest": {
"function_hash": "188864900154291749590251265784040877583",
"length": 137.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-82d728c0",
"signature_version": "v1",
"target": {
"file": "cipher/cipher-gcm.c",
"function": "do_prefetch_tables"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"line_hashes": [
"170676254192867355065278068602767170770",
"200323506138487699769824381952269409482",
"90846129845722304208223295058127457938",
"10146382840581696760866732803292915032",
"1853475697772853258737780492506060937",
"48949491733747335306384687194247326244",
"240792624934447387928983271268976870158",
"159836278704678462590123480826481070936",
"224437165852989605351154828508260023499",
"80296829316540261046478454197551409012",
"236538901906775902760854898213506308890",
"80748712974215816850151152997081023419",
"83587176158046896977278769037657218538",
"106189861677514111955789902607329444529",
"242724539743210727148882501437781291105",
"122609552648928364037556331493999866541",
"290567374698628293723652757284717911067",
"304832221563747984453439454270694517118",
"119903559434895401738581966962524074655",
"204707981111809227718169769371489775255",
"333730446082517354167343441742305732153",
"177640782019667303477589153009444626201",
"166470573992855098697660513793220094216",
"264758216802897921131875616910793805235",
"202545340188243736411318647723214784856",
"284542175951301000454438311550250316864",
"15371783102163996865038481206424194294",
"55340966911592612646170129313775896112",
"67527061659223717495176312479960253388",
"273850594810071012602159920548921935110",
"241606507690528636846396967232821747986",
"295537191970343946954356993766658292187"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-12904-9eb54116",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael.c"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
"digest": {
"line_hashes": [
"189002826257408669128759034375905212269",
"147495826213941054984494423445647664546",
"33102979972908259902440845629143462135",
"331149972968635230237971843037903835136",
"113854897437479020591503865308247234088",
"318641791101058591685346538711197699428",
"158395093659860630991224170961974388191",
"125406081187271488463166952802855675526",
"240638456969778551273247244262136431518",
"45014739965640500365386683499546502411",
"172636175879913653517965888318782392133",
"338542884319522744192302121684392837264",
"2641972741959680537404221517402866291",
"48399570802991621377618315557875011477",
"229261730301942695602720475512908139390",
"90611412353631817232794772469578421252",
"245310116479622922628306794615678807201",
"146760992228978063051717925363337666664",
"258371321386048335637003486501788025350",
"103773147280995414399795552723729726232",
"266818595796662159132808672088676897018",
"123391703964456540593259735404769281043",
"250075584527457581071355747201436587260",
"129075194074043174850896628691802858309",
"280558094958721510584666638295584332984",
"170675455237096934774929804096690321285",
"246885828494726500944955874462529430717",
"126168227474785954432210426346609705101",
"167314899903632570288266517231323790870",
"162303274061528080939261933950542499812",
"232092973469628127101467868017286925280",
"162602741757229388663596969145610894788",
"83576902891654502175006506164213667129",
"43931734974034498572516292442230999056",
"41522579874235059439546188534791412719",
"147569393685464727402784265729094044930",
"218327607935313957632252925494820387107",
"82189974769844650744610798061133901621",
"268029967810112907946364859076437707486",
"323982784405538558825257805546761592058",
"62868392557384038653209247758044661265",
"7089963074201014786146204630067403474",
"9745470941509734163769145657177682128",
"121490334358820484152493369305994378213",
"56335442513119705041044334745440318688",
"62243756810162959790455810783423822438",
"266770602382655718172069133951702072549",
"175459196512863645091152400447034472962",
"237723324141162172567364324958603584553",
"145057539767425564440679868582191989211",
"35321667331302446335615322559838821087",
"208203946269359373654616408317636654844",
"263207282995998103652379599671256224326",
"114579815016846141655392235469310861937"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-12904-a3dcdd51",
"signature_version": "v1",
"target": {
"file": "cipher/cipher-gcm.c"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"function_hash": "63913716082192072283501261060085382823",
"length": 91.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-b475c78c",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael.c",
"function": "prefetch_enc"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"function_hash": "325767688251600611760358217447832834416",
"length": 447.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-bd96c46e",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael.c",
"function": "do_encrypt"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"line_hashes": [
"262149040455562327282149930548466117986",
"9984194869400853772803252024234443390",
"93966826160466814758074919321089738540",
"265256407598502052711831169499422532354",
"218938309053887606715003351192662377431",
"240908646521321804905528691499703077705",
"335935107322331477572019442011366997129",
"257695918607334464068500766967851796670",
"48133533843515602780293402167081849299",
"317987029735851663459247512101187319082",
"254427712757428049782776324002557399258",
"110558970829766358938812723560936658067",
"181413074067795456033956317016905501524",
"14976276993214925369557260653058584592",
"297360856609022724538157012528767452299",
"62419583253286562617694010811503780336",
"99631725124958212434830015896421253092",
"5969805360734464589563521974793632517",
"299594481347506301797023481133461272061",
"191242830939956205885362570923482176461",
"173095539462638231054744460273170007963",
"212303735313998503753091001602578228141",
"274559546035051070071803937132910492551",
"104112814272862896566875453658645320092",
"185434030115328265531986882243217775787",
"101295622268664020580590926369543725275",
"202208042210036298111112945320668162268",
"234236680803524679765223008334577203268",
"21221162680448214336593803843035336485",
"37451820224364793776602087485553254775",
"169057749491249992901437614634036112332",
"3829622839871126269541108030516716632",
"267374005878372475484374039046139018146",
"178933077243265211702000602973943900582",
"111602495164180374053610110193627596917",
"190307966599030416785224158246500996286",
"241589327038236579653729659680245121963",
"196604654863019195906475401925727822812",
"188053381735191114103321775157348958569",
"43851234023114482481770835167900772338",
"154191902552720251927543022745078798609",
"109210459430530903069121143545479222998",
"170652842757876901037946671288528648719",
"5207776041272314537134608821065134820",
"291576011329976881925160380590221304376",
"131204800355998691084488202874595544280",
"295195047899118476670285316373322506053",
"319798034522378003241383696524622851776",
"13590195376168718943308590425662810973",
"292534908791143989132222135327433402836",
"304805325828406220203818296444336770976",
"127356497868620402736033359091918506318",
"226299054119838969415965272141236993534",
"5503605046270077390613611811722195453",
"33292473492372795670809798027380033291",
"123889301502406358962327101527436769293",
"312988279071998007725365319671210730952",
"204907979027454247925257231189027113452",
"2147218751971562393970367341492622059",
"39550158347337502256703160574789051317",
"4646356421719668376865323411217219334",
"286610485180465024366136627169201748058",
"94816941162797940829404479847547815047",
"32882647224176244153978846484569006425",
"217166124948687236712744320905345201241",
"119336095834785110713900999072825161360",
"114241285953530057187824456647440253950",
"23534809983095886294654166168765723420",
"281259055243849205368231133303121947154",
"286348696950719164580860450701073329428",
"82097979753170827040686367473336254684",
"158958493223649632404756206070270818848",
"123595816050043269440773012059350818744",
"121612706170285496267941736622030775153",
"105513533668370612274023031744500925309",
"251707641624959662663578056721111076251",
"66898639629311017332537817132556181186"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-12904-ceb6a56f",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael-tables.h"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"function_hash": "39903038991710186237971900269916256327",
"length": 105.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-dc07be0c",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael.c",
"function": "prefetch_dec"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"line_hashes": [
"226022723126179194947199504047895901194",
"254587799060035148404420593234169865044",
"76297447798775286487852789288374751867",
"201872941241008638508927601874769355575",
"290902393172569324806065180571397332041",
"253655971040413265525881684620682992455"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-12904-dfb59406",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael-internal.h"
}
},
{
"source": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"digest": {
"function_hash": "294942198583891262699792233155142405538",
"length": 462.0
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-12904-f3da0bed",
"signature_version": "v1",
"target": {
"file": "cipher/rijndael.c",
"function": "do_decrypt"
}
}
]
}