FreeBSD: VID-056ea107-5729-11ea-a2f3-001cc0382b2f: Mbed TLS -- Cache attack against RSA key import in SGX
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:S/C:C/I:C/A:C) | Feb 24, 2020 | Dec 10, 2025 | Dec 10, 2025 |
Description
Janos Follath reports: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. The attack only requires access to fine-grained measurements to cache usage. Therefore the attack might be applicable to a scenario where Mbed TLS is running in TrustZone secure world and the attacker controls the normal world or possibly when Mbed TLS is part of a hypervisor and the adversary has full control of a guest OS.
Solution
freebsd-upgrade-package-mbedtls