CVE-2022-25332

MEDIUM Year: 2022
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-208
View all →

Vulnerability Description

The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).

Related Vulnerabilities

CVE-2024-21671

LOW
CVSS:3.7(Low)

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the respon...

CWE-2082024

CVE-2025-30344

LOW
CVSS:3.7(Low)

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing di...

CWE-2082025

CVE-2020-11037

MEDIUM
CVSS:4.7(Medium)

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password c...

CWE-2082020

CVE-2020-35165

MEDIUM
CVSS:4.7(Medium)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CWE-2082020

CVE-2021-26318

MEDIUM
CVSS:4.7(Medium)

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.

CWE-2082021

CVE-2023-25000

MEDIUM
CVSS:4.7(Medium)

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large n...

CWE-2082023