A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a time difference in computation that depends on the padding length.
|arm:mbed_tls||arm mbed tls||2.7.17|
|arm:mbed_tls||arm mbed tls||2.16.8|
|arm:mbed_tls||arm mbed tls||2.24.0|
Fedora 31 : mbedtls (2020-48a1ae610c)
FreeBSD : Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS (4c69240f-f02c-11ea-838a-0011d823eebd)
Fedora 32 : mbedtls (2020-8b0d59bac6)
Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS