4 matches found
CVE-2024-28960
CVE-2024-28960 affects Mbed TLS 2.18.0–2.28.x (before 2.28.8) and Mbed TLS 3.x (before 3.6.0), and Mbed Crypto. The PSA Crypto API mishandles shared memory. Reported impact: high confidentiality impact, low integrity impact; exploitation context is not detailed in the provided documents. Public f...
CVE-2019-18222
CVE-2019-18222 affects Arm Mbed Crypto 2.1 and Mbed TLS up to 2.19.1: the ECDSA implementation in ecdsa.c does not reduce the blinded scalar before the inverse, enabling local side-channel attacks to recover the private key. Several advisories report upstream fixes (e.g., 2.20.0, 3.0.1) and packa...
CVE-2019-16910
Arm Mbed TLS prior to 2.19.0 and Arm Mbed Crypto prior to 2.0.0 are affected by CVE-2019-16910. When deterministic ECDSA is enabled, the RNG blinding uses insufficient entropy, enabling a side-channel based attack that could recover a private key if the same message is signed repeatedly. The issu...
CVE-2020-10941
Summary: CVE-2020-10941 affects Arm Mbed TLS before 2.16.5, where an attacker could recover an RSA private key by measuring cache usage during import. The connected advisories confirm updated packages (e.g., 2.16.7) across distributions (e.g., Fedora/Debian), indicating remediation by upgrading t...