Bugzilla – Bug 1188490
VUL-0: CVE-2020-36422: mbedtls: side channel allows recovery of an ECC private key
Last modified: 2021-08-06 09:25:35 UTC
CVE-2020-36422 An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36422
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422
https://bugs.gentoo.org/730752
CVE-2020-36422: Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
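The release note above names a concrete, auditable condition: calls to mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() that pass NULL as f_rng. The script below is an added example (not code from this bug report or from the Mbed TLS project) that scans C source for such call sites and checks an upstream version string against the fixed versions named on this page. It assumes the public parameter order of mbedtls_ecp_mul() (grp, R, m, P, f_rng, p_rng) and of mbedtls_ecp_mul_restartable() (the same, followed by rs_ctx); the C snippet it scans is constructed for the demonstration.

```python
"""Audit helpers for the CVE-2020-36422 condition: ECC scalar multiplication
called without an RNG (f_rng == NULL) on an unfixed Mbed TLS.

Added example, not code from the bug report or the Mbed TLS project.
Assumptions: f_rng is the 5th argument of mbedtls_ecp_mul() and
mbedtls_ecp_mul_restartable() (public signatures); SAMPLE_SRC is constructed.
"""
import re

# 0-based position of the f_rng parameter in each audited function.
F_RNG_INDEX = {
    "mbedtls_ecp_mul": 4,
    "mbedtls_ecp_mul_restartable": 4,
}
NULL_SPELLINGS = {"NULL", "0", "(void *)0", "(void*)0"}

CALL_RE = re.compile(r"\b(mbedtls_ecp_mul(?:_restartable)?)\s*\(")


def split_args(src, open_paren):
    """Split the comma-separated arguments of the call whose '(' is at
    src[open_paren], honouring nested parentheses (casts, inner calls).
    Returns the argument strings with surrounding whitespace removed."""
    assert src[open_paren] == "("
    depth, args, cur = 0, [], []
    for i in range(open_paren, len(src)):
        ch = src[i]
        if ch == "(":
            depth += 1
            if depth == 1:
                continue  # the audited call's own opening parenthesis
        elif ch == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    raise ValueError("unterminated argument list at offset %d" % open_paren)


def find_null_rng_calls(src):
    """Return [(line_number, function_name)] for every audited call whose
    f_rng argument is a NULL literal, i.e. a call that on an unfixed
    Mbed TLS runs the scalar multiplication without the RNG-dependent
    countermeasures the fix note refers to."""
    findings = []
    for m in CALL_RE.finditer(src):
        name = m.group(1)
        args = split_args(src, m.end() - 1)
        idx = F_RNG_INDEX[name]
        if len(args) > idx and args[idx] in NULL_SPELLINGS:
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, name))
    return findings


def upstream_version_fixed(version):
    """True if an upstream Mbed TLS version string carries the fix:
    2.16.7 or later on the 2.16 LTS branch, 2.23.0 or later otherwise.
    Distribution packages may backport the fix under an older number
    (this bug lists 2.8.0 in openSUSE Leap 15.1), so the check only
    applies to vanilla upstream builds."""
    major, minor, patch = (int(x) for x in version.split(".")[:3])
    if (major, minor) == (2, 16):
        return patch >= 7
    return (major, minor, patch) >= (2, 23, 0)


# Constructed C sample: one blinded call, two calls with NULL f_rng.
SAMPLE_SRC = """\
/* constructed sample, not real project code */
static int sign_blinded(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
                        const mbedtls_mpi *d, mbedtls_ctr_drbg_context *drbg)
{
    return mbedtls_ecp_mul(grp, R, d, &grp->G,
                           mbedtls_ctr_drbg_random, drbg);   /* blinded */
}

static int sign_unblinded(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
                          const mbedtls_mpi *d)
{
    return mbedtls_ecp_mul(grp, R, d, &grp->G, NULL, NULL);  /* no RNG */
}

static int sign_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
                            const mbedtls_mpi *d, mbedtls_ecp_restart_ctx *rs)
{
    return mbedtls_ecp_mul_restartable(grp, R, d, &grp->G,
                                       NULL, NULL, rs);
}
"""

if __name__ == "__main__":
    for line, fn in find_null_rng_calls(SAMPLE_SRC):
        print(f"line {line}: {fn}() called with NULL f_rng")
    for v in ("2.16.6", "2.16.9", "2.22.0", "2.27.0"):
        print(v, "fixed" if upstream_version_fixed(v) else "unfixed")
```

On the constructed sample the scanner reports lines 12 and 18, the two call sites that pass NULL for f_rng, and leaves the call that supplies mbedtls_ctr_drbg_random alone. The version helper is deliberately limited to upstream version strings, since the openSUSE package numbers listed on this page carry the fix as a backport.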
We have fixed versions in:
* Version 2.16.9 in openSUSE:Leap:15.2:Update
* Version 2.8.0 in openSUSE:Leap:15.1:Update
Updated to 2.27.0 in Factory: https://build.opensuse.org/request/show/907287
I think there is nothing else to be done.
done