CVE-2020-10941

MEDIUM

Arm Mbed TLS <2.16.5 - Info Disclosure

Title source: llm

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

Core 4

Core References

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory mailing-list

Vendor Advisory

CVSS v3 5.9

EPSS 0.0070

EPSS Percentile 72.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Status published

Products (5)

arm/mbed_crypto < 3.1.0

arm/mbed_tls < 2.16.5

debian/debian_linux 10.0

fedoraproject/fedora 31

fedoraproject/fedora 32

Published Mar 24, 2020

Tracked Since Feb 18, 2026