An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-15T00:00:00

Updated: 2024-08-03T14:31:46.362Z

Reserved: 2022-12-04T00:00:00

Link: CVE-2022-46392

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-15T23:15:10.513

Modified: 2023-11-07T03:55:36.440

Link: CVE-2022-46392

cve-icon Redhat

No data.