FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mbed TLS -- Side channel attack on ECDSA

Affected packages
mbedtls < 2.16.6


VuXML ID bf1f47c4-7f1b-11ea-bf94-001cc0382b2f
Discovery 2020-04-14
Entry 2020-04-15

Manuel Pégourié-Gonnard reports:

An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can fully recover an ECDSA private key after observing a number of signature operations.


CVE Name CVE-2020-10932
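Why observing the signing routine leads to "full recovery" of the private key: every ECDSA signature (r, s) is computed as s = k^-1 (h + r d) mod n with a fresh per-signature nonce k, so anyone who learns k for even one signature can solve for the long-term key d = (s k - h) r^-1 mod n. The following is an added example, not code from the VuXML entry or from Mbed TLS; it implements textbook ECDSA on NIST P-256 in plain Python and shows the recovery step. It assumes, for illustration only, that the side channel hands the attacker the whole nonce of one signature (the entry above does not describe what the Mbed TLS leak exposes or how many observations it takes); the function names and the sample message are hypothetical.

```python
"""ECDSA nonce-leak demonstration on NIST P-256 (pure Python, no dependencies).

Added illustration, not Mbed TLS code. The "leak" is simulated by having
sign() hand back the nonce k it used; a real side channel would have to
extract k (or part of it) from timing/memory-access traces instead.
"""
import hashlib
import secrets

# NIST P-256 domain parameters: y^2 = x^3 - 3x + B over GF(P), base point G of order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity


def inv_mod(x, m):
    return pow(x, -1, m)  # modular inverse, Python 3.8+


def point_add(p1, p2):
    """Affine addition/doubling on the curve; returns INF for P + (-P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv_mod(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv_mod((x2 - x1) % P, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Plain double-and-add. Deliberately NOT constant time: a demo, not a library."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def sign(d, msg, k=None):
    """Return (r, s, k). The nonce is returned only to simulate the leak."""
    h = hash_to_int(msg)
    while True:
        if k is None:
            k = secrets.randbelow(N - 1) + 1
        x, _ = scalar_mult(k, G)
        r = x % N
        s = inv_mod(k, N) * (h + r * d) % N
        if r != 0 and s != 0:
            return r, s, k
        k = None  # astronomically unlikely; pick a fresh nonce


def verify(Q, msg, r, s):
    if not (1 <= r < N and 1 <= s < N):
        return False
    h = hash_to_int(msg)
    w = inv_mod(s, N)
    pt = point_add(scalar_mult(h * w % N, G), scalar_mult(r * w % N, Q))
    return pt is not INF and pt[0] % N == r


def recover_private_key(r, s, msg, k):
    """From s = k^-1 (h + r d) mod n it follows that d = (s k - h) r^-1 mod n."""
    h = hash_to_int(msg)
    return (s * k - h) * inv_mod(r, N) % N


def demo():
    """One leaked nonce from one signature is enough to recover d. Returns True on success."""
    d, Q = keygen()
    msg = b"constructed sample message"  # constructed input
    r, s, k = sign(d, msg)
    assert verify(Q, msg, r, s)
    return recover_private_key(r, s, msg, k) == d


if __name__ == "__main__":
    print("private key recovered from leaked nonce:", demo())
```

The example covers the simplest case, a whole nonce from a single signature. When a side channel yields only a few bits of each nonce, the attacker instead collects many signatures and solves a hidden-number-problem instance with lattice reduction, which is why the report speaks of "a number of signature operations" rather than one. On FreeBSD the practical check is to confirm that the installed mbedtls package is at least 2.16.6, e.g. via `pkg audit`, which compares installed packages against this VuXML database.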