CVE-2022-46392

MEDIUM

Mbed TLS <2.28.2, <3.3.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Scores

CVSS v3 5.3
EPSS 0.0023
EPSS Percentile 45.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-203
Status published
Products (3)
arm/mbed_tls < 2.28.2
fedoraproject/fedora 36
fedoraproject/fedora 37
Published Dec 15, 2022
Tracked Since Feb 18, 2026