CVE-2023-51939: 
NixOS vulnerability analysis and mitigation

An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. The vulnerability was discovered and disclosed in December 2023 (Relic Issue).

The vulnerability exists in the signature implementation (Line 70 in relic_cp_bbs.c) of the Boneh Boyen short signature (BBS) scheme. The implementation is vulnerable to fault attacks, specifically through Rowhammer, which is a software-induced DRAM fault technique. Through proof-of-concept testing, researchers were able to recover 190 bits out of 224 secret bits (Advisory, Research PoC).

The vulnerability allows a malicious user process co-residing on the same system with a victim process running the BBS short signature from the relic library to induce bit flips in shared main memory. This can result in faulty signatures being generated, which can be exploited to recover and leak the secret key (Research PoC).

An effective mitigation is to verify the signature after signing a message. This countermeasure has been used by other libraries like OpenSSL and WolfSSL to mitigate similar Rowhammer attacks. The recommendation is to add verification right after signature generation using the cp_bbs_ver function. If verification fails, the cp_bbs_sign function should not generate a signature (Research PoC).