Vulnerabilities > CVE-2020-36424 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
high complexity
arm
debian
CWE-203

Summary

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

Vulnerable Configurations

Part Description Count
Application
Arm
137
OS
Debian
1

Common Weakness Enumeration (CWE)