CVE-2020-36421

2021-07-1917:15:11

Debian Security Bug Tracker

security-tracker.debian.org

arm mbed tls

cve-2020-36421

modular exponentiation

rsa private key

secure enclave

side channel

disclosure

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.004

Percentile

73.8%

JSON

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

OSVersionArchitecturePackageVersionFilename
Debian12allmbedtls< 2.16.9-0.1mbedtls_2.16.9-0.1_all.deb
Debian11allmbedtls< 2.16.9-0.1mbedtls_2.16.9-0.1_all.deb
Debian999allmbedtls< 2.16.9-0.1mbedtls_2.16.9-0.1_all.deb
Debian13allmbedtls< 2.16.9-0.1mbedtls_2.16.9-0.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mbedtls	< 2.16.9-0.1	mbedtls_2.16.9-0.1_all.deb
Debian	11	all	mbedtls	< 2.16.9-0.1	mbedtls_2.16.9-0.1_all.deb
Debian	999	all	mbedtls	< 2.16.9-0.1	mbedtls_2.16.9-0.1_all.deb
Debian	13	all	mbedtls	< 2.16.9-0.1	mbedtls_2.16.9-0.1_all.deb