Bugzilla – Bug 1188491
VUL-0: CVE-2020-36423: mbedtls: remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly work
Last modified: 2021-08-06 09:25:45 UTC
CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
https://bugs.gentoo.org/730752
CVE-2020-36423: Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). This would cause the original Lucky 13 attack to be possible in those configurations, allowing an active network attacker to recover plaintext after repeated timing measurements under some conditions. Reported and fix suggested by Luc Perneel in #3246.

See also: https://github.com/ARMmbed/mbedtls/issues/3246
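A triage check for the condition described above, as an added example that is not part of the bug report or of Mbed TLS: it reads the text of a build's version.h and config.h and reports whether the version predates the fixed releases referenced on this page (2.23.0, or 2.16.7 on the 2.16 branch) while an MBEDTLS_SHAxxx_ALT option is active. The function names and sample headers are constructed for illustration; branches the page does not mention are compared against 2.23.0.

```python
import re

# Fixed releases referenced on this page.
FIXED_MAINLINE = (2, 23, 0)
FIXED_2_16 = (2, 16, 7)

VERSION_RE = re.compile(
    r'^\s*#\s*define\s+MBEDTLS_VERSION_STRING\s+"(\d+)\.(\d+)\.(\d+)"', re.M)
# Only active defines count: "//#define MBEDTLS_SHA256_ALT" is a disabled option,
# and function-level options such as MBEDTLS_SHA256_PROCESS_ALT are not matched.
SHA_ALT_RE = re.compile(r'^\s*#\s*define\s+(MBEDTLS_SHA\d+_ALT)\b', re.M)


def parse_version(version_h):
    """Return (major, minor, patch) from the text of version.h."""
    m = VERSION_RE.search(version_h)
    if m is None:
        raise ValueError("MBEDTLS_VERSION_STRING not found")
    return tuple(int(part) for part in m.groups())


def has_fix(version):
    """True if the version is at or past a fixed release named on the page."""
    if version[:2] == (2, 16):
        return version >= FIXED_2_16
    # Assumption: any other branch is compared against 2.23.0.
    return version >= FIXED_MAINLINE


def active_sha_alt(config_h):
    """List the MBEDTLS_SHAxxx_ALT macros that are actually defined."""
    return sorted(set(SHA_ALT_RE.findall(config_h)))


def assess(version_h, config_h):
    version, alts = parse_version(version_h), active_sha_alt(config_h)
    if has_fix(version):
        status = "fixed"
    else:
        status = "exposed" if alts else "unfixed-no-sha-alt"
    return {"version": version, "sha_alt": alts, "status": status}


# Constructed sample headers (not taken from any real build).
SAMPLE_VERSION_H = '#define MBEDTLS_VERSION_STRING         "2.16.6"\n'
SAMPLE_CONFIG_H = ("//#define MBEDTLS_SHA1_ALT\n"
                   "#define MBEDTLS_SHA256_ALT\n"
                   "/* #define MBEDTLS_SHA512_ALT */\n")

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_H, SAMPLE_CONFIG_H))
```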
We have a fixed version 2.16.9 in openSUSE:Leap:15.2:Update

Updated to 2.27.0 in Factory: https://build.opensuse.org/request/show/907287

I think nothing else to be done.
done