Arm: >> Mbed Tls >> 2.7.16 Security Vulnerabilities
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVSS Score
4.9
EPSS Score
0.003
Published
2021-07-14
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-09-02
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
CVSS Score
5.9
EPSS Score
0.007
Published
2020-03-24
Page 4