FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mbed TLS -- Side channel attack on ECDSA

Affected packages
mbedtls < 2.16.6

Details

VuXML ID: bf1f47c4-7f1b-11ea-bf94-001cc0382b2f
Discovery: 2020-04-14
Entry: 2020-04-15

Manuel Pégourié-Gonnard reports:

An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can fully recover an ECDSA private key after observing a number of signature operations.

References

CVE Name: CVE-2020-10932
URL: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04