CVE-2020-10932
Published 2020-04-15
CVE-2020-10932: An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover…
Priority P4 · 22 · medium · 4.7 (CVSS 3.1)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.25% (15.9th percentile)
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.
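The three-step chain in the description starts from a single leaked value: the projective Z coordinate that the scalar multiplication hands to the projective-to-affine conversion. That Z is a deterministic function of the ephemeral scalar k and of the addition chain that computed k*G, which is what makes the Naccache-Smart-Stern step possible. The generic countermeasure against this class of leak is to multiply (X, Y, Z) by a fresh random factor (l^2, l^3, l) immediately before inverting Z: the affine result is unchanged, but the Z the side channel observes is uniform and independent of k. The toy P-256 implementation below is an added example written for this page, not Mbed TLS code. It uses the standard P-256 domain parameters, textbook Jacobian formulas, a deliberately non-constant-time double-and-add (only the blinding step is the point), and hypothetical function names such as sign_style_mult and randomize_jacobian.

```python
"""Toy P-256 Jacobian arithmetic showing projective-coordinate re-randomisation
before the affine conversion. Added example for this page, not Mbed TLS code.
Not constant-time; only the blinding step is being illustrated."""
import secrets

# NIST P-256 domain parameters (p written as its defining expression).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

INF = (1, 1, 0)  # point at infinity in Jacobian coordinates (Z == 0)


def is_on_curve(pt):
    """Affine check y^2 == x^3 + a*x + b (mod p); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def to_jacobian(pt):
    return (pt[0], pt[1], 1)


def jac_double(pt):
    """Jacobian doubling for a general a (dbl-1998-cmo-2 formulas)."""
    x1, y1, z1 = pt
    if z1 == 0 or y1 == 0:
        return INF
    yy = y1 * y1 % P
    s = 4 * x1 * yy % P
    m = (3 * x1 * x1 + A * pow(z1, 4, P)) % P
    x3 = (m * m - 2 * s) % P
    y3 = (m * (s - x3) - 8 * yy * yy) % P
    z3 = 2 * y1 * z1 % P
    return (x3, y3, z3)


def jac_add(p1, p2):
    """Jacobian addition (add-1998-cmo-2 formulas) with infinity handling."""
    x1, y1, z1 = p1
    x2, y2, z2 = p2
    if z1 == 0:
        return p2
    if z2 == 0:
        return p1
    z1z1, z2z2 = z1 * z1 % P, z2 * z2 % P
    u1, u2 = x1 * z2z2 % P, x2 * z1z1 % P
    s1, s2 = y1 * z2z2 * z2 % P, y2 * z1z1 * z1 % P
    if u1 == u2:
        return INF if s1 != s2 else jac_double(p1)
    h = (u2 - u1) % P
    r = (s2 - s1) % P
    hh = h * h % P
    hhh = hh * h % P
    x3 = (r * r - hhh - 2 * u1 * hh) % P
    y3 = (r * (u1 * hh - x3) - s1 * hhh) % P
    z3 = h * z1 * z2 % P
    return (x3, y3, z3)


def scalar_mult(k, pt):
    """Plain left-to-right double-and-add returning the PROJECTIVE result.
    Its Z coordinate is a deterministic function of k: the value an attacker
    needs for the Naccache-Smart-Stern step once the affine conversion leaks it."""
    acc = INF
    base = to_jacobian(pt)
    for bit in bin(k)[2:]:
        acc = jac_double(acc)
        if bit == "1":
            acc = jac_add(acc, base)
    return acc


def to_affine(pt):
    """Projective -> affine; this is the conversion the side channel targets."""
    x, y, z = pt
    if z == 0:
        return None
    zinv = pow(z, -1, P)  # modular inverse (Python 3.8+)
    zinv2 = zinv * zinv % P
    return (x * zinv2 % P, y * zinv2 * zinv % P)


def randomize_jacobian(pt):
    """Blind (X, Y, Z) -> (l^2 X, l^3 Y, l Z) with fresh random l in [1, p-1].
    Same affine point; Z is now independent of the computation that produced it."""
    x, y, z = pt
    if z == 0:
        return pt
    l = 1 + secrets.randbelow(P - 1)
    l2 = l * l % P
    return (x * l2 % P, y * l2 * l % P, z * l % P)


def sign_style_mult(k, pt, blind):
    """Compute k*pt as a signer would, returning (affine_point, Z_seen_by_side_channel).
    blind=False models the vulnerable path, blind=True the re-randomised one."""
    proj = scalar_mult(k, pt)
    if blind:
        proj = randomize_jacobian(proj)
    return to_affine(proj), proj[2]


if __name__ == "__main__":
    k = secrets.randbelow(N - 1) + 1  # constructed ephemeral scalar
    for blind in (False, False, True, True):
        pt, z = sign_style_mult(k, G, blind)
        print("blind=%-5s Z=%064x" % (blind, z))
```

Running it prints the same Z twice for the unblinded path and two different Z values for the blinded path, while the affine point is identical in all four cases. A real implementation would additionally use a regular, constant-time ladder with coordinate randomisation at the start of the multiplication; this toy omits both, since the page's issue is specifically the leak at the final conversion.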
Affected (10 ranges indexed by the source; unique rows below)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_tls | >= 2.7.0 < 2.7.15 | 2.7.15 |
| trustedfirmware | mbed_tls | >= 2.16.0 < 2.16.6 | 2.16.6 |
| debian | debian_linux | — | — |
| debian | mbedtls | < 2.16.9-0.1 (bookworm) | 2.16.9-0.1 (bookworm) |
| fedoraproject | fedora | — | — |
| mbed | mbedtls | >= 0 < 2.16.9-0.1 | 2.16.9-0.1 |
CVSS provenance
NVD v3.1: 4.7 MEDIUM · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD v2.0: 1.9 LOW · AV:L/AC:M/Au:N/C:P/I:N/A:N
OSV: 4.7 MEDIUM
Debian (vendor): 4.7 MEDIUM
GHSA
GHSA-fj9x-f2wx-v38w · ghsa_unreviewed · 2022-05-24 · MEDIUM · CWE-327
Same description as the NVD entry above.
OSV
CVE-2020-10932 · osv · 2020-04-15 · CVSS 4.7 MEDIUM
Same description as the NVD entry above.
Debian
mbedtls · vendor_debian · 2020 · CVSS 4.7 MEDIUM
Same description as the NVD entry above.
Scope: local
bookworm: resolved (fixed in 2.16.9-0.1)
bul
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure [epel-all]
bugzilla · 2020-05-21 · CVSS 4.7 MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure [fedora-all]
bugzilla · 2020-05-21 · CVSS 4.7 MEDIUM
Automatically created tracking bug for fedora-all, with the same template text as the epel-all tracking bug above.
Bugzilla
CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure
bugzilla · 2020-05-21 · CVSS 4.7 MEDIUM
A side channel attack in conjunction with other methods possibly leading to information disclosure.
Upstream Advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
Discussion:
Created mbedtls tracking bugs for this issue:
Affects: epel-all [bug 1838552]
Affects: fedora-all [bug 1838551]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
References
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
https://tls.mbed.org/tech-updates/security-advisories
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04