CVE-2019-16910
First published: Thu Sep 26 2019(Updated: )
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Mbed Crypto | <2.0.0 | |
| ARM mbed TLS | <2.7.12 | |
| ARM mbed TLS | >=2.8.0<2.16.3 | |
| ARM mbed TLS | >=2.17.0<2.19.0 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd
- https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
Frequently Asked Questions
What is CVE-2019-16910?
CVE-2019-16910 is a vulnerability in Arm Mbed TLS and Arm Mbed Crypto that allows an attacker to recover a private key via side-channel attacks.
What is the severity of CVE-2019-16910?
CVE-2019-16910 has a severity score of 5.3 (medium).
Which software versions are affected by CVE-2019-16910?
Arm Mbed Crypto versions up to 2.0.0 and Arm Mbed TLS versions up to 2.7.12, 2.8.0 to 2.16.3, and 2.17.0 to 2.19.0 are affected.
How does CVE-2019-16910 work?
CVE-2019-16910 occurs when deterministic ECDSA is enabled and an RNG with insufficient entropy is used for blinding, allowing an attacker to recover a private key via side-channel attacks.
How can I fix CVE-2019-16910?
To fix CVE-2019-16910, update Arm Mbed TLS to version 2.19.0 or later and Arm Mbed Crypto to version 2.0.0 or later.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/remedy
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm mbed crypto
- canonical/arm mbed tls
- version/arm mbed tls/2.8.0
- version/arm mbed tls/2.17.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0