Vulnerability in AES Instructions on ARMv8 Platform: Lack of Intrinsic Resistance to Side-Channel Attacks

Vulnerability in AES Instructions on ARMv8 Platform: Lack of Intrinsic Resistance to Side-Channel Attacks

CVE-2022-48251 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

Learn more about our Web Application Penetration Testing UK.