CVE-2018-0498 — ARM Mbed TLS vulnerability

9 documents8 sources

Severity

4.7MEDIUMNVD

OSV9.8

EPSS

0.2%

top 56.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mbed Mbedtls ARM Mbed TLS Debian Linux

Timeline

PublishedJul 28

Latest updateMay 13

Description

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶NVDarm/mbed_tls2.2.0 — 2.7.5+2

▶Debianmbed/mbedtls< 2.12.0-1+3

▶Ubuntumbed/mbedtls< 2.2.1-2ubuntu0.3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-f3f3-2pmh-mpg9: ARM mbed TLS before 2↗2022-05-13

▶

OSV

mbedtls vulnerabilities↗2020-02-05

▶

CVEList

CVE-2018-0498: ARM mbed TLS before 2↗2018-07-28

▶

OSV

CVE-2018-0498: ARM mbed TLS before 2↗2018-07-28

▶

📋Vendor Advisories

Ubuntu

ARM mbed TLS vulnerabilities↗2020-02-05

▶

Debian

CVE-2018-0498: mbedtls - ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users t...↗2018

▶

📄Research Papers

arXiv

SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems↗2024-05-13

▶

💬Community

Bugzilla

CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release↗2018-08-02

▶