Description

A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and ECDH, has been shown
to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.