NVD Vulnerability Detail

CVE-2020-10932

Summary	An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.
Publication Date	April 15, 2020, 11:15 p.m.
Registration Date	Jan. 26, 2021, 11:50 a.m.
Last Update	Nov. 21, 2024, 1:56 p.m.

Affected software configurations

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html	Mailing List Third Party Advisory
2	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/	Mailing List Third Party Advisory
3	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/	Mailing List Third Party Advisory
4	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released	Release Notes
5	https://tls.mbed.org/tech-updates/security-advisories	Vendor Advisory
6	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04	Vendor Advisory
7	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html	Mailing List Third Party Advisory
8	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04	Vendor Advisory
9	https://tls.mbed.org/tech-updates/security-advisories	Vendor Advisory
10	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released	Release Notes
11	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/	Mailing List Third Party Advisory
12	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/	Mailing List Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html
2	CWE-203	セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい	https://cwe.mitre.org/data/definitions/203.html

JVN Vulnerability Information

Arm Mbed TLS における暗号アルゴリズムの使用に関する脆弱性

Title	Arm Mbed TLS における暗号アルゴリズムの使用に関する脆弱性
Summary	Arm Mbed TLS には、暗号アルゴリズムの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 14, 2020, midnight
Registration Date	May 20, 2020, 10:12 a.m.
Last Update	May 20, 2020, 10:12 a.m.

Affected System

ARM Ltd.

ARM mbed TLS 2.16.6 未満

ARM mbed TLS 2.7.15 未満の 2.7.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-10932	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932
National Vulnerability Database (NVD)
2	CVE-2020-10932	https://nvd.nist.gov/vuln/detail/CVE-2020-10932

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-327	https://cwe.mitre.org/data/definitions/327.html

ベンダー情報

No	Name	URL
ARM mbed
1	Mbed TLS 2.16.6 and 2.7.15 released	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
2	Side channel attack on ECDSA	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
3	Tech Updates / Security Advisories	https://tls.mbed.org/tech-updates/security-advisories

Change Log

No	Changed Details	Date of change
1	[2020年05月20日] 掲載	May 20, 2020, 10:12 a.m.