GHSA-x5j2-g63m-f8g4: 
Rust vulnerability analysis and mitigation

KyberSlash (GHSA-x5j2-g63m-f8g4) is a high-severity vulnerability affecting Kyber software libraries, particularly the pqc_kyber crate versions <= 0.7.1. The vulnerability was discovered in December 2023 and publicly disclosed on February 9, 2024. The issue involves timing-based information leakage in various Kyber implementations where secret information can be exposed through CPU cycle variations during division operations (GitHub Advisory, RustSec Advisory).

The vulnerability stems from code that performs division operations where a secret numerator is divided by a public denominator. The timing of these CPU division operations varies depending on the input values, creating a potential side-channel that could leak sensitive information. The vulnerability has been assigned a CVSS v3.1 score of 7.4 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating network attack vector, high attack complexity, no privileges required, and potential impact on confidentiality and integrity (GitHub Advisory).

The vulnerability can lead to the exposure of secret information through timing side-channels, potentially compromising the security of the cryptographic implementation. This affects both confidentiality and integrity of the system, though availability remains unaffected (GitHub Advisory, RustSec Advisory).

Currently, there are no patched versions of the original pqckyber crate. However, a third-party fork called safepqc_kyber has been published that mitigates this attack vector. Additionally, the ml-kem crate is suggested as a maintained alternative pure Rust implementation of ML-KEM/Kyber (RustSec Advisory).

The vulnerability was documented by Daniel J. Bernstein, who authored the KyberSlash pages and maintains the permanent reference at kyberslash.cr.yp.to. The issue has gained attention in the cryptographic community, leading to various implementations being reviewed and updated (RustSec Advisory).