Lucene search
MitreCVELIST:CVE-2022-46392HistoryDec 15, 2022 - 12:00 a.m.
CVE-2022-46392
2022-12-1500:00:00
mitre
www.cve.org
8
mbed tls
rsa
private key
recovery
memory accesses
operating system
secure enclave
exponentiation
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
References
github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/
Related
debiancve
debiancve
CVE-2022-46392
2022-12-15 23:15:10
osv
osv
CVE-2022-46392
2022-12-15 23:15:10
nessus
nessus
CBL Mariner 2.0 Security Update: fluent-bit (CVE-2022-46392)
2023-03-20 00:00:00
Fedora 37 : mbedtls (2023-7456a62f60)
2024-04-29 00:00:00
Fedora 36 : mbedtls (2023-3c4a525dcc)
2023-01-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-46392 affecting package fluent-bit for versions less than 2.0.9-1
2023-03-09 00:23:58
CVE-2022-46392 affecting package fluent-bit 1.5.2-3
2024-09-27 09:12:39
ubuntucve
ubuntucve
CVE-2022-46392
2022-12-15 00:00:00
cve
cve
CVE-2022-46392
2022-12-15 23:15:10
prion
prion
Design/Logic Flaw
2022-12-15 23:15:00
nvd
nvd
CVE-2022-46392
2022-12-15 23:15:10
openvas
openvas
Fedora: Security Advisory for mbedtls (FEDORA-2023-3c4a525dcc)
2023-01-13 00:00:00
Fedora: Security Advisory for mbedtls (FEDORA-2023-7456a62f60)
2023-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: mbedtls-2.28.2-1.fc36
2023-01-13 01:21:34
[SECURITY] Fedora 37 Update: mbedtls-2.28.2-1.fc37
2023-01-11 01:23:09
gentoo
gentoo
Mbed TLS: Multiple Vulnerabilities
2024-09-22 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00