{"id":"CVE-2019-12904","details":"In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack","modified":"2026-04-11T08:55:51.983518Z","published":"2019-06-20T00:15:10.667Z","related":["SUSE-SU-2019:1859-1","SUSE-SU-2019:1971-1","openSUSE-SU-2019:1792-1","openSUSE-SU-2024:10941-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html"},{"type":"ADVISORY","url":"https://dev.gnupg.org/T4541"},{"type":"FIX","url":"https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020"},{"type":"FIX","url":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/libgcrypt.git","events":[{"introduced":"0"},{"last_affected":"93775172713c00c363187b5d6a88895b04ac7c8e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.4"}]}},{"type":"GIT","repo":"https://github.com/gpg/libgcrypt","events":[{"introduced":"0"},{"fixed":"a4c561aab1014c3630bc88faf6f5246fee16b020"},{"fixed":"daedbbb5541cd8ecda1459d3b843ea4d92788762"}]}],"versions":["DEVEL-BRANCH-1-1","V-0-2-8","V0-0-0","V0-1-0","V0-2-0","V0-2-10","V0-2-15","V0-2-17","V0-2-18","V0-2-19","V0-2-6","V0-3-0","V0-3-1","V0-3-2","V0-3-3","V0-3-4","V0-3-5","V0-4-0","V0-4-1","V0-4-2","V0-4-3","V0-4-4","V0-4-5","V0-9-0","V0-9-1","V0-9-10","V0-9-11","V0-9-2","V0-9-3","V0-9-4","V0-9-5","V0-9-6","V0-9-7","V0-9-8","V0-9-9","V1-0-0","V1-0-1","V1-0-1-ePit-1","V1-0-2","V1-0-3","V1-0-4","V1-1-0","V1-1-10","V1-1-11","V1-1-12","V1-1-2","V1-1-3","V1-1-4","V1-1-42","V1-1-43","V1-1-44","V1-1-5","V1-1-6","V1-1-7","V1-1-8","V1-1-9","V1-1-90","V1-1-91","V1-1-92","V1-1-93","V1-1-94","V1-2-0","V1-2-1","ecc-integration-done","last-gpl-version","libgcrypt-1.3.0","libgcrypt-1.3.1","libgcrypt-1.3.2","libgcrypt-1.4.0","libgcrypt-1.4.1","libgcrypt-1.4.1rc1","libgcrypt-1.4.2","libgcrypt-1.4.2rc1","libgcrypt-1.4.2rc2","libgcrypt-1.4.3","libgcrypt-1.4.4","libgcrypt-1.5.0","libgcrypt-1.5.0-beta1","libgcrypt-1.6.0","libgcrypt-1.7.0","libgcrypt-1.7.1","libgcrypt-1.7.2","libgcrypt-1.7.3","libgcrypt-1.8.0","libgcrypt-1.8.1","libgcrypt-1.8.2","libgcrypt-1.8.3","libgcrypt-1.8.4","libgcrypt-1.9-base","marcus-after-thread-cbs","marcus-before-thread-cbs","now-less-freedom-protected","post-nuke-of-trailing-ws"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}],"vanir_signatures_modified":"2026-04-11T08:55:51Z","vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"50530042207270560670037358667351096797","length":454},"target":{"file":"cipher/cipher-gcm.c","function":"prefetch_table"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-59129954","source":"https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020"},{"signature_type":"Function","digest":{"function_hash":"249305475008274481741661015200949864278","length":437},"target":{"file":"cipher/rijndael.c","function":"prefetch_table"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-5fbdd5d4","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Function","digest":{"function_hash":"188864900154291749590251265784040877583","length":137},"target":{"file":"cipher/cipher-gcm.c","function":"do_prefetch_tables"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-82d728c0","source":"https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020"},{"signature_type":"Line","digest":{"line_hashes":["170676254192867355065278068602767170770","200323506138487699769824381952269409482","90846129845722304208223295058127457938","10146382840581696760866732803292915032","1853475697772853258737780492506060937","48949491733747335306384687194247326244","240792624934447387928983271268976870158","159836278704678462590123480826481070936","224437165852989605351154828508260023499","80296829316540261046478454197551409012","236538901906775902760854898213506308890","80748712974215816850151152997081023419","83587176158046896977278769037657218538","106189861677514111955789902607329444529","242724539743210727148882501437781291105","122609552648928364037556331493999866541","290567374698628293723652757284717911067","304832221563747984453439454270694517118","119903559434895401738581966962524074655","204707981111809227718169769371489775255","333730446082517354167343441742305732153","177640782019667303477589153009444626201","166470573992855098697660513793220094216","264758216802897921131875616910793805235","202545340188243736411318647723214784856","284542175951301000454438311550250316864","15371783102163996865038481206424194294","55340966911592612646170129313775896112","67527061659223717495176312479960253388","273850594810071012602159920548921935110","241606507690528636846396967232821747986","295537191970343946954356993766658292187"],"threshold":0.9},"target":{"file":"cipher/rijndael.c"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-9eb54116","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Line","digest":{"line_hashes":["189002826257408669128759034375905212269","147495826213941054984494423445647664546","33102979972908259902440845629143462135","331149972968635230237971843037903835136","113854897437479020591503865308247234088","318641791101058591685346538711197699428","158395093659860630991224170961974388191","125406081187271488463166952802855675526","240638456969778551273247244262136431518","45014739965640500365386683499546502411","172636175879913653517965888318782392133","338542884319522744192302121684392837264","2641972741959680537404221517402866291","48399570802991621377618315557875011477","229261730301942695602720475512908139390","90611412353631817232794772469578421252","245310116479622922628306794615678807201","146760992228978063051717925363337666664","258371321386048335637003486501788025350","103773147280995414399795552723729726232","266818595796662159132808672088676897018","123391703964456540593259735404769281043","250075584527457581071355747201436587260","129075194074043174850896628691802858309","280558094958721510584666638295584332984","170675455237096934774929804096690321285","246885828494726500944955874462529430717","126168227474785954432210426346609705101","167314899903632570288266517231323790870","162303274061528080939261933950542499812","232092973469628127101467868017286925280","162602741757229388663596969145610894788","83576902891654502175006506164213667129","43931734974034498572516292442230999056","41522579874235059439546188534791412719","147569393685464727402784265729094044930","218327607935313957632252925494820387107","82189974769844650744610798061133901621","268029967810112907946364859076437707486","323982784405538558825257805546761592058","62868392557384038653209247758044661265","7089963074201014786146204630067403474","9745470941509734163769145657177682128","121490334358820484152493369305994378213","56335442513119705041044334745440318688","62243756810162959790455810783423822438","266770602382655718172069133951702072549","175459196512863645091152400447034472962","237723324141162172567364324958603584553","145057539767425564440679868582191989211","35321667331302446335615322559838821087","208203946269359373654616408317636654844","263207282995998103652379599671256224326","114579815016846141655392235469310861937"],"threshold":0.9},"target":{"file":"cipher/cipher-gcm.c"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-a3dcdd51","source":"https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020"},{"signature_type":"Function","digest":{"function_hash":"63913716082192072283501261060085382823","length":91},"target":{"file":"cipher/rijndael.c","function":"prefetch_enc"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-b475c78c","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Function","digest":{"function_hash":"325767688251600611760358217447832834416","length":447},"target":{"file":"cipher/rijndael.c","function":"do_encrypt"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-bd96c46e","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Line","digest":{"line_hashes":["262149040455562327282149930548466117986","9984194869400853772803252024234443390","93966826160466814758074919321089738540","265256407598502052711831169499422532354","218938309053887606715003351192662377431","240908646521321804905528691499703077705","335935107322331477572019442011366997129","257695918607334464068500766967851796670","48133533843515602780293402167081849299","317987029735851663459247512101187319082","254427712757428049782776324002557399258","110558970829766358938812723560936658067","181413074067795456033956317016905501524","14976276993214925369557260653058584592","297360856609022724538157012528767452299","62419583253286562617694010811503780336","99631725124958212434830015896421253092","5969805360734464589563521974793632517","299594481347506301797023481133461272061","191242830939956205885362570923482176461","173095539462638231054744460273170007963","212303735313998503753091001602578228141","274559546035051070071803937132910492551","104112814272862896566875453658645320092","185434030115328265531986882243217775787","101295622268664020580590926369543725275","202208042210036298111112945320668162268","234236680803524679765223008334577203268","21221162680448214336593803843035336485","37451820224364793776602087485553254775","169057749491249992901437614634036112332","3829622839871126269541108030516716632","267374005878372475484374039046139018146","178933077243265211702000602973943900582","111602495164180374053610110193627596917","190307966599030416785224158246500996286","241589327038236579653729659680245121963","196604654863019195906475401925727822812","188053381735191114103321775157348958569","43851234023114482481770835167900772338","154191902552720251927543022745078798609","109210459430530903069121143545479222998","170652842757876901037946671288528648719","5207776041272314537134608821065134820","291576011329976881925160380590221304376","131204800355998691084488202874595544280","295195047899118476670285316373322506053","319798034522378003241383696524622851776","13590195376168718943308590425662810973","292534908791143989132222135327433402836","304805325828406220203818296444336770976","127356497868620402736033359091918506318","226299054119838969415965272141236993534","5503605046270077390613611811722195453","33292473492372795670809798027380033291","123889301502406358962327101527436769293","312988279071998007725365319671210730952","204907979027454247925257231189027113452","2147218751971562393970367341492622059","39550158347337502256703160574789051317","4646356421719668376865323411217219334","286610485180465024366136627169201748058","94816941162797940829404479847547815047","32882647224176244153978846484569006425","217166124948687236712744320905345201241","119336095834785110713900999072825161360","114241285953530057187824456647440253950","23534809983095886294654166168765723420","281259055243849205368231133303121947154","286348696950719164580860450701073329428","82097979753170827040686367473336254684","158958493223649632404756206070270818848","123595816050043269440773012059350818744","121612706170285496267941736622030775153","105513533668370612274023031744500925309","251707641624959662663578056721111076251","66898639629311017332537817132556181186"],"threshold":0.9},"target":{"file":"cipher/rijndael-tables.h"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-ceb6a56f","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Function","digest":{"function_hash":"39903038991710186237971900269916256327","length":105},"target":{"file":"cipher/rijndael.c","function":"prefetch_dec"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-dc07be0c","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Line","digest":{"line_hashes":["226022723126179194947199504047895901194","254587799060035148404420593234169865044","76297447798775286487852789288374751867","201872941241008638508927601874769355575","290902393172569324806065180571397332041","253655971040413265525881684620682992455"],"threshold":0.9},"target":{"file":"cipher/rijndael-internal.h"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-dfb59406","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"},{"signature_type":"Function","digest":{"function_hash":"294942198583891262699792233155142405538","length":462},"target":{"file":"cipher/rijndael.c","function":"do_decrypt"},"signature_version":"v1","deprecated":false,"id":"CVE-2019-12904-f3da0bed","source":"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12904.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}