CVE-2024-45191 in libolm
Summary
by MITRE • 08/22/2024
An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
by VulDB Data Team • 09/11/2024
The vulnerability identified as CVE-2024-45191 affects Matrix libolm version 3.2.16 and earlier and is a cryptographic weakness in the library's implementation of the Advanced Encryption Standard. The AES code implements the SubWord step with lookup tables holding the S-box, and the index into those tables is derived from secret material. Because the memory location read depends on the secret value, the lookups leave a data-dependent footprint in the CPU cache that an attacker able to observe cache behaviour can use to infer information about the encryption key.
The technical flaw is a cache-timing side channel: the time taken by the cryptographic operation varies with which cache lines the table lookups touch, and those lines are selected by secret bytes. An attacker who can measure memory access timing on the same hardware can therefore correlate timing variations with key material. This weakness is classified under CWE-310, which covers cryptographic issues of this kind, including timing and other side-channel leakage. Relying on table lookups for S-box computation gives the implementation a secret-dependent timing profile that an adversary can analyse to reconstruct encryption keys or other sensitive cryptographic data.
The operational impact of this vulnerability extends beyond immediate cryptographic compromise, as it affects the integrity and confidentiality of communications secured by the affected library. Organizations using Matrix libolm in their messaging systems face potential exposure to key recovery attacks that could undermine the security of end-to-end encrypted communications. The vulnerability's significance increases when considering that it affects products no longer supported by maintainers, meaning users cannot receive official patches or updates to address the timing attack susceptibility. This creates a persistent risk for systems that continue to rely on outdated cryptographic implementations without proper security mitigations in place.
Security professionals should consider implementing mitigations such as constant-time implementations of cryptographic algorithms, cache randomization techniques, or hardware-based cryptographic accelerators to address the timing attack surface. The vulnerability aligns with ATT&CK technique T1006, which describes the use of timing attacks against cryptographic implementations, and represents a critical concern for any system relying on legacy cryptographic libraries that lack proper side-channel resistance mechanisms. Organizations should evaluate their cryptographic dependencies and consider migrating to supported libraries that implement proper timing attack mitigations to prevent exploitation of this cache-timing vulnerability.