1. CVE-Search
  2. CVE-2020-10932
ID CVE-2020-10932
Summary An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.
References
Vulnerable Configurations
  • cpe:2.3:a:arm:mbed_tls:2.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.0:-:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.2:-:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.2:-:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:arm:mbed_tls:2.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:arm:mbed_tls:2.7.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 03-03-2023 - 15:32)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:N/A:N
refmap via4
confirm
fedora
  • FEDORA-2020-42564738a1
  • FEDORA-2020-9a6e8e63e9
misc https://tls.mbed.org/tech-updates/security-advisories
Last major update 03-03-2023 - 15:32
Published 15-04-2020 - 14:15
Last modified 03-03-2023 - 15:32
Back to Top