CVE-2025-22866
published 2025-02-06CVE-2025-22866: Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on…
PriorityP414medium4CVSS 3.1
AVLACLPRNUINSUCLINAN
EPSS
0.27%
19.0th percentile
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24~rc3-1 (forky) | golang-1.24 1.24~rc3-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24~rc3-1 (forky) | golang-1.24 1.24~rc3-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24~rc3-1 (forky) | golang-1.24 1.24~rc3-1 (forky) |
| go_standard_library | crypto_internal_nistec | < 1.22.12 | 1.22.12 |
| go_standard_library | crypto_internal_nistec | >= 1.23.0-0 < 1.23.6 | 1.23.6 |
| go_standard_library | crypto_internal_nistec | >= 1.24.0-0 < 1.24.0-rc.3 | 1.24.0-rc.3 |
| msrc | azl3_golang_1.22.10-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.23.3-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_golang_1.18.8-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-3_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.14.0MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv6.1MEDIUM
vendor_msrc8.4HIGH
vendor_ubuntu6.1MEDIUM
vendor_debian4.0MEDIUM
vendor_redhat4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
golang-1.22 vulnerabilities
osv·2025-06-18·CVSS 6.1
CVE-2024-45336 [MEDIUM] golang-1.22 vulnerabilities
golang-1.22 vulnerabilities
Kyle Seely discovered that the Go net/http module did not properly handle
sensitive headers during repeated redirects. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2024-45336)
Juho Forsén discovered that the Go crypto/x509 module incorrectly handled
IPv6 addresses during URI parsing. An attacker could possibly use this
issue to bypass certificate URI constraints. (CVE-2024-45341)
It was discovered that the Go crypto module did not properly handle
variable time instructions under certain circumstances on 64-bit Power
(ppc64el) systems. An attacker could possibly use this issue to expose
sensitive information. (CVE-2025-22866)
It was discovered that the Go http/httpproxy module did not properly
handle IPv6 zone IDs during hos
GHSA
GHSA-3whm-j4xm-rv8x: Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are l
ghsa_unreviewed·2025-02-06
CVE-2025-22866 [HIGH] GHSA-3whm-j4xm-rv8x: Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are l
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
OSV
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
osv·2025-02-06
CVE-2025-22866 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
OSV
CVE-2025-22866: Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are l
osv·2025-02-06·CVSS 4.0
CVE-2025-22866 [MEDIUM] CVE-2025-22866: Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are l
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Ubuntu
Go vulnerabilities
vendor_ubuntu·2025-06-18·CVSS 6.1
CVE-2024-45341 [MEDIUM] Go vulnerabilities
Title: Go vulnerabilities
Summary: Several security issues were fixed in Go.
Kyle Seely discovered that the Go net/http module did not properly handle
sensitive headers during repeated redirects. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2024-45336)
Juho Forsén discovered that the Go crypto/x509 module incorrectly handled
IPv6 addresses during URI parsing. An attacker could possibly use this
issue to bypass certificate URI constraints. (CVE-2024-45341)
It was discovered that the Go crypto module did not properly handle
variable time instructions under certain circumstances on 64-bit Power
(ppc64el) systems. An attacker could possibly use this issue to expose
sensitive information. (CVE-2025-22866)
It was discovered that the Go http/httpproxy modul
Microsoft
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
vendor_msrc·2025-02-11·CVSS 8.4
CVE-2025-22866 [MEDIUM] Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://l
Red Hat
crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
vendor_redhat·2025-02-06·CVSS 4.0
CVE-2025-22866 [MEDIUM] CWE-200 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key w
Debian
CVE-2025-22866: golang-1.15 - Due to the usage of a variable time instruction in the assembly implementation o...
vendor_debian·2025·CVSS 4.0
CVE-2025-22866 [MEDIUM] CVE-2025-22866: golang-1.15 - Due to the usage of a variable time instruction in the assembly implementation o...
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
2025-02-06
Published