← Back

CVE-2022-46392

nvd nist
Published: Dec 15, 2022Modified: Nov 3, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD

Description

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Affected (4)

Arm
1 product
Mbed Tls
Fedoraproject
1 product
Fedora
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Arm
Mbed Tls
Before 2.28.2
Mbed Tls
From 3.0.0 to 3.3.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 36
Fedora
Version 37

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (9)

Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.