Vulnerability Description
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
CVSS Score
5.9
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Mbed Crypto | < 3.1.0 |
| Arm | Mbed Tls | < 2.16.5 |
| Fedoraproject | Fedora | 31 |
| Debian | Debian Linux | 10.0 |
References
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-Vendor Advisory
FAQ
What is CVE-2020-10941?
CVE-2020-10941 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
How severe is CVE-2020-10941?
CVE-2020-10941 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10941?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Mbed Crypto, Arm Mbed Tls, Fedoraproject Fedora, Debian Debian Linux.