GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. (CVE-2013-4242)
Impact
A local user may obtain confidential information by exploiting this vulnerability.
Note: This is only used directly in verification of ISOs and ASM signatures, which does open up some risk, but only during the verification process.