AWS-LC Timing Side-Channel Vulnerability in AES-CCM Tag Verification
Vulnerability
A timing side-channel vulnerability has been identified in AWS-LC, an open-source cryptographic library. An unauthenticated attacker may be able to infer whether an authentication tag is valid during AES-CCM decryption by observing timing differences in the tag check. The vulnerability affects AWS-LC versions from 1.21.0 up to but not including 1.69.0, and AWS-LC-FIPS versions from 3.0.0 up to but not including 3.2.0. The issue lies in the EVP_CIPHER API implementations of EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.
Impact
An attacker who exploits this vulnerability gains an oracle for authentication tag validity, which could enable replay or forgery attacks in protocols that rely on AES-CCM for encryption and authentication.
Remediation
Users of AWS-LC should upgrade to version 1.69.0 or later. Users of AWS-LC-FIPS should upgrade to version 3.2.0. As a temporary measure, applications using AES-CCM with (M=4, L=2), (M=8, L=2), or (M=16, L=2), where M is the tag length and L the size of the length field in bytes, can switch to the EVP AEAD API and its corresponding Bluetooth or Matter AES-CCM implementations.
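The advisory does not show what the defective code path in AWS-LC looked like. The following C example is added here and is not AWS-LC code; it illustrates the general class of defect the advisory describes, a tag check whose running time depends on the data being compared, beside the constant-time comparison that closes it. The function names, the 16-byte tag (M=16) and the candidate tags are constructed for the example, and work is counted as bytes examined rather than measured with a clock, so the difference is deterministic instead of buried in measurement noise.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative example, not AWS-LC code. Contrasts an early-exit tag
 * comparison (leaks how long a prefix of the candidate tag was correct)
 * with a constant-time comparison whose work depends only on the length. */

/* Constructed 16-byte authentication tag (M=16) used by the demo helpers. */
static const uint8_t kExpectedTag[16] = {
    0x1f, 0x8b, 0x08, 0x00, 0x5a, 0x6e, 0x9c, 0x11,
    0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa };

/* Early-exit comparison: returns at the first mismatching byte, so the
 * number of bytes examined, and therefore the running time, reveals how
 * many leading bytes of the candidate were correct. Never use this for
 * authentication tags. */
static int tag_equal_leaky(const uint8_t *expected, const uint8_t *candidate,
                           size_t len, size_t *work) {
    size_t i;
    for (i = 0; i < len; i++) {
        if (expected[i] != candidate[i]) {
            *work = i + 1;
            return 0;
        }
    }
    *work = len;
    return 1;
}

/* Constant-time comparison: every byte is examined regardless of content,
 * mismatches are accumulated with OR, and the final verdict is derived
 * arithmetically, so there is no data-dependent branch or early return. */
static int tag_equal_ct(const uint8_t *expected, const uint8_t *candidate,
                        size_t len, size_t *work) {
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < len; i++) {
        diff |= (uint8_t)(expected[i] ^ candidate[i]);
    }
    *work = len;
    /* diff == 0 -> 1, diff in 1..255 -> 0:
     * (0u - 1u) wraps to 0xFFFFFFFF (top bit set); 1..255 minus 1 has top bit clear. */
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* Builds a candidate tag that matches the expected tag in its first
 * `prefix` bytes and differs at index `prefix` (prefix == 16 means a full match). */
static void make_candidate(uint8_t out[16], size_t prefix) {
    size_t i;
    for (i = 0; i < 16; i++) out[i] = kExpectedTag[i];
    if (prefix < 16) out[prefix] ^= 0x01;
}

/* Bytes examined by the chosen check for a candidate with the given correct prefix. */
size_t work_for_prefix(size_t prefix, int constant_time) {
    uint8_t candidate[16];
    size_t work = 0;
    make_candidate(candidate, prefix);
    if (constant_time) tag_equal_ct(kExpectedTag, candidate, 16, &work);
    else tag_equal_leaky(kExpectedTag, candidate, 16, &work);
    return work;
}

/* Verdict (1 = tag accepted) of the chosen check for the same candidate. */
int valid_for_prefix(size_t prefix, int constant_time) {
    uint8_t candidate[16];
    size_t work = 0;
    make_candidate(candidate, prefix);
    return constant_time ? tag_equal_ct(kExpectedTag, candidate, 16, &work)
                         : tag_equal_leaky(kExpectedTag, candidate, 16, &work);
}

int main(void) {
    size_t prefix;
    for (prefix = 0; prefix <= 16; prefix += 4) {
        printf("correct prefix %2zu: early-exit examined %2zu bytes, "
               "constant-time examined %2zu bytes\n",
               prefix, work_for_prefix(prefix, 0), work_for_prefix(prefix, 1));
    }
    return 0;
}
```

In a real CCM decryption path the expected tag is the CBC-MAC recomputed over the received ciphertext; both the comparison and the decision to release plaintext must be independent of where a mismatch occurs, which is what the constant-time variant provides. The EVP AEAD API mentioned under Remediation performs that check inside the open operation, so callers never compare tags themselves.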
