Name of the Vulnerable Software and Affected Versions mbedtls (affected versions not specified)

Description The issue allows an adversary to launch a side channel attack to recover the RSA private key when it is being imported, if Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system. Additionally, there is a potential memory overread when performing an ECDSA signature operation, which could result in information disclosure or denial of service, such as application crash or extra resource consumption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.