CVE-2025-9231

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 30/09/2025
Last modified: 04/11/2025

Description

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64-bit ARM platforms.

Impact summary: A timing side-channel in SM2 signature computations on 64-bit ARM platforms could allow an attacker to recover the private key.

While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack.

OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.