An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Olm | Matrix | * | 3.2.16 (including) |
| Olm | Ubuntu | focal | * |
| Olm | Ubuntu | oracular | * |