SB2021070825 - Local side channel attacks in Mbed TLS 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021070825

SB2021070825 - Local side channel attacks in Mbed TLS

Published: July 8, 2021

Security Bulletin ID SB2021070825
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Local side channel attack (CVE-ID: N/A)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to observable timing discrepancy. An attacker with access to precise enough timing and memory access information (for example, able to execute arbitrary code and sharing a memory cache with the victim) can recover the private keys used in static Diffie-Hellman with x25519 and x448.


2) Local side channel attack (CVE-ID: N/A)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to observable timing discrepancy. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can recover the private keys used in RSA.


Remediation

Install update from vendor's website.

References