CVE-2020-10941
First published: Tue Mar 24 2020(Updated: )
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Mbed Crypto | <3.1.0 | |
| ARM mbed TLS | <2.16.5 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-10941.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by measuring cache usage during an import to obtain sensitive information, such as an RSA private key.
What is the severity rating of CVE-2020-10941?
The severity rating of CVE-2020-10941 is medium, with a CVSS score of 5.9.
Which software versions are affected by this vulnerability?
Arm Mbed Crypto versions up to 3.1.0, ARM mbed TLS versions up to 2.16.5, Fedora 31 and 32, and Debian Linux 10.0 are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update Arm Mbed Crypto to a version higher than 3.1.0 and ARM mbed TLS to a version higher than 2.16.5. For Fedora and Debian Linux, update to the latest available patches and security updates.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm mbed crypto
- canonical/arm mbed tls
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0