Upstream information
Description
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
CNA (CISA-ADP) | National Vulnerability Database | |
---|---|---|
Base Score | 5.1 | 5.1 |
Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Attack Vector | Local | Local |
Attack Complexity | High | High |
Privileges Required | None | None |
User Interaction | None | None |
Scope | Unchanged | Unchanged |
Confidentiality Impact | High | High |
Integrity Impact | None | None |
Availability Impact | None | None |
CVSSv3 Version | 3.1 | 3.1 |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-14304 |
SUSE Timeline for this CVE
CVE page created: Wed Sep 4 11:58:09 2024CVE page last modified: Sun Mar 16 22:03:24 2025