Side-channel Vulnerability in Trusted Firmware Mbed TLS Affecting RSA Key Security
CVE-2021-24119

4.9MEDIUM

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 14 July 2021

Summary

A side-channel vulnerability in Trusted Firmware Mbed TLS version 2.24.0 allows system-level attackers to extract sensitive information from isolated environments. By leveraging controlled and side-channel attacks, attackers can potentially obtain secret RSA key data, especially when software runs in environments using Intel SGX. This poses a risk to the integrity and confidentiality of cryptographic operations, making it essential for system administrators to address and mitigate this vulnerability promptly.

References

https://github.com/ARMmbed/mbedtls/releases

https://github.com/UzL-ITS/util-lookup/blob/main/cve-vuln...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
Jan 14, 2021