CVE-2024-28960
HIGHMbed TLS 2.18.0-2.28.x < 2.28.8 and 3.x < 3.6.0 and Mbed Crypto - Improper Access Control in PSA Crypto API
Title source: llmDescription
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
References (8)
Core 8
Core References
Vendor Advisory
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/
Scores
CVSS v3
8.2
EPSS
0.0015
EPSS Percentile
35.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (5)
arm/mbed_crypto
< 3.1.0
arm/mbed_tls
2.1.8 - 2.28.8
fedoraproject/fedora
38
fedoraproject/fedora
39
fedoraproject/fedora
40
Published
Mar 29, 2024
Tracked Since
Feb 18, 2026