Sensitive Information Disclosure in Arm Mbed TLS by Measuring Cache Usage
CVE-2020-10941

5.9 MEDIUM

Key Information:

Vendor: Arm
CVE Published: 24 March 2020

Summary

Arm Mbed TLS versions before 2.16.5 are vulnerable to a cache-timing side channel: by measuring cache usage while an RSA private key is being imported, an attacker may be able to recover the key. Organizations using affected versions should prioritize updating their Mbed TLS implementation to mitigate this information leakage.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved