CVE-2020-16150 — Observable Discrepancy in ARM Mbed TLS

CWE-203 — Observable Discrepancy9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 76.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mbed Mbedtls ARM Mbed TLS Debian Linux +1 more

Timeline

PublishedSep 2

Latest updateMay 13

Description

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDarm/mbed_tls2.8.0 — 2.16.8+2

▶Debianmbed/mbedtls< 2.16.9-0.1+3

Also affects: Debian Linux 10.0, Fedora 31, 32, 33

🔴Vulnerability Details

GHSA

GHSA-fgr3-j7rx-4hfv: A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg↗2022-05-24

▶

CVEList

CVE-2020-16150: A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg↗2020-09-02

▶

OSV

CVE-2020-16150: A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg↗2020-09-02

▶

📋Vendor Advisories

Debian

CVE-2020-16150: mbedtls - A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c i...↗2020

▶

📄Research Papers

arXiv

SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems↗2024-05-13

▶

💬Community

Bugzilla

CVE-2020-16150 mbedtls: local side channel attack on classical CBC decryption in (D)TLS [fedora-all]↗2020-09-02

▶

Bugzilla

CVE-2020-16150 mbedtls: local side channel attack on classical CBC decryption in (D)TLS [epel-all]↗2020-09-02

▶

Bugzilla

CVE-2020-16150 mbedtls: local side channel attack on classical CBC decryption in (D)TLS↗2020-09-02

▶