[ASA-202003-7] mbedtls: private key recovery

Morten Linderud foxboron at archlinux.org
Thu Mar 12 19:13:17 UTC 2020


Arch Linux Security Advisory ASA-202003-7
=========================================

Severity: High
Date    : 2020-03-11
CVE-ID  : CVE-2019-18222
Package : mbedtls
Type    : private key recovery
Remote  : No
Link    : https://security.archlinux.org/AVG-1104

Summary
=======

The package mbedtls before version 2.16.5-1 is vulnerable to private
key recovery.

Resolution
==========

Upgrade to 2.16.5-1.

# pacman -Syu "mbedtls>=2.16.5-1"

The problem has been fixed upstream in version 2.16.5.

Workaround
==========

None.

Description
===========

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto before
3.0.1 and Mbed TLS before 2.20.0, 2.16.4 or 2.7.13 does not reduce the
blinded scalar before computing the inverse, which allows a local
attacker to recover the private key via side-channel attacks.
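
The fix is to reduce the blinded product modulo the group order before it reaches the modular inverse. The following added Python example (not mbedtls code; written for this advisory) implements the blinded ECDSA signing step over secp256k1 and shows that the resulting signature is identical with or without that reduction, so the flaw is in what the inverse routine observes, not in the value it produces. The curve constants are the standard secp256k1 parameters; the key, nonce, blinding factor and message are constructed.

```python
import hashlib

# Standard secp256k1 domain parameters: field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k, t, reduce_blinded=True):
    """Blinded ECDSA: s = t * (k*t)^-1 * (e + r*d) mod N, so the secret nonce k
    is never handed to the inverse on its own. reduce_blinded=False mirrors the
    ordering the advisory describes: k*t (up to twice the bit length of N) is
    passed to the inverse unreduced. Python's pow reduces internally, so both
    orderings return the same (r, s); a bignum inverse routine that behaves
    differently on the larger operand is what the advisory is about."""
    e = hash_to_int(msg)
    r = mul(k, G)[0] % N
    kt = k * t
    if reduce_blinded:
        kt %= N  # the fix: bring the blinded scalar below N before inverting
    s = t * pow(kt, -1, N) * (e + r * d) % N
    return r, s

def verify(Q, msg, r, s):
    """Standard ECDSA verification against the public key Q = d*G."""
    if not (0 < r < N and 0 < s < N): return False
    e, w = hash_to_int(msg), pow(s, -1, N)
    pt = add(mul(e * w % N, G), mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r
```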

Impact
======

A local attacker can recover an ECDSA private key via side-channel
attacks.

References
==========

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
https://security.archlinux.org/CVE-2019-18222