#VU46188 Side channel attack on RSA and static Diffie-Hellman in mbed TLS

Cybersecurity Help s.r.o.

Published: 2020-09-01

Vulnerability identifier: #VU46188

Vulnerability risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-310

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
mbed TLS
Universal components / Libraries / Libraries used by multiple products

Vendor: ARM

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to mbed TLS is using the GCD functio, which is prone to a single-trace side-channel attack. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can recover the private keys used in RSA or static (finite-field) Diffie-Hellman operations.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

mbed TLS: 2.0.0, 2.1.0 - 2.19.1, 2.2.0 - 2.23.0, 2.3.0, 2.4.0 - 2.4.2, 2.5.0 - 2.5.1, 2.6.0 - 2.6.1, 2.7.0 - 2.7.16, 2.8.0, 2.9.0

External links
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mbed TLS