vulnerability

SUSE: CVE-2020-10932: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:M/Au:N/C:P/I:N/A:N)	2020-04-15	2021-03-06	2023-03-06

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:N)

Published

2020-04-15

Added

2021-03-06

Modified

2023-03-06

Description

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

Solution(s)

suse-upgrade-libmbedcrypto3suse-upgrade-libmbedcrypto3-32bitsuse-upgrade-libmbedcrypto3-64bitsuse-upgrade-libmbedtls12suse-upgrade-libmbedtls12-32bitsuse-upgrade-libmbedtls12-64bitsuse-upgrade-libmbedx509-0suse-upgrade-libmbedx509-0-32bitsuse-upgrade-libmbedx509-0-64bitsuse-upgrade-mbedtls-devel

References

NVD-CVE-2020-10932

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today