An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-15T00:00:00
Updated: 2024-08-03T14:31:46.362Z
Reserved: 2022-12-04T00:00:00
Link: CVE-2022-46392
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-15T23:15:10.513
Modified: 2023-11-07T03:55:36.440
Link: CVE-2022-46392
Redhat
No data.