CVE-2025-22866

Summary

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

Affected Software

VendorProductVersion RangeStatus
Go standard librarycrypto/internal/nistec0 < 1.22.12affected
Go standard librarycrypto/internal/nistec1.23.0-0 < 1.23.6affected
Go standard librarycrypto/internal/nistec1.24.0-0 < 1.24.0-rc.3affected

Weaknesses

  • CWE-208: Observable Timing Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References