CVE-2020-36421
First published: Mon Jul 19 2021(Updated: )
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ARM mbed TLS | <2.16.7 | |
| ARM mbed TLS | >=2.17.0<2.23.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-36421?
CVE-2020-36421 is a vulnerability discovered in Arm Mbed TLS before version 2.23.0 that allows the disclosure of an RSA private key used in a secure enclave due to a side channel in modular exponentiation.
How does CVE-2020-36421 affect Arm Mbed TLS?
CVE-2020-36421 affects Arm Mbed TLS versions up to (but not including) 2.23.0 and allows the disclosure of an RSA private key used in a secure enclave.
What is the severity of CVE-2020-36421?
CVE-2020-36421 has a severity level of 5.3 (Medium).
How can I fix CVE-2020-36421?
To fix CVE-2020-36421, update your Arm Mbed TLS installation to version 2.23.0 or later.
Where can I find more information about CVE-2020-36421?
You can find more information about CVE-2020-36421 in the following references: [1] [2] [3]
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm mbed tls
- version/arm mbed tls/2.17.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0