
CVE-2021-36647

Published: 17/01/2023 Updated: 27/01/2023
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 0

Vulnerability Summary

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS, all versions prior to 3.0.0, 2.27.0 or 2.16.11, allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.

Vulnerable Products

arm mbed tls

Github Repositories

Prototype of the precise TrustZone execution control framework for exploring side-channel attacks.

Load-Step: A Precise TrustZone Execution Control Framework. This repository contains the source code of Load-Step, a prototype design of the TrustZone execution control framework for exploring side-channel attacks. For more details, please see our paper at DAC 2021: Z. Kou, W. He, S. Sinha and W. Zhang, "Load-Step: A Precise TrustZone Execution Control Framework for Exp