CVE-2020-16150 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 5.5 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Tags: local, low complexity, arm, fedoraproject, debian, CWE-203

Summary

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

Vulnerable Configurations

Part         Description    Count
Application  Arm            137
OS           Fedoraproject  3
OS           Debian         1

Common Weakness Enumeration (CWE)