Upstream information
Description
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 1.9 |
| Vector | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
| National Vulnerability Database | |
|---|---|
| Base Score | 4.7 |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2021:0384-1, published Fri Mar 5 21:39:56 2021
- openSUSE-SU-2021:0397-1, published Tue Mar 9 09:39:18 2021
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 15 SP2 |
| Patchnames: openSUSE-2021-397 |
| openSUSE Leap 15.2 |
| Patchnames: openSUSE-2021-384 |
SUSE Timeline for this CVE
CVE page created: Wed Apr 15 23:50:55 2020CVE page last modified: Tue May 23 15:32:08 2023