Name of the Vulnerable Software and Affected Versions mbedtls (affected versions not specified)

Description The issue involves a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. Additionally, there are side channels in certain functions such as mbedtls ecp check pub priv(), mbedtls pk parse key(), mbedtls pk parse keyfile(), mbedtls ecp mul(), and mbedtls ecp mul restartable() when called with a NULL f rng argument, which could allow an attacker to fully recover the ECC private key. Furthermore, an issue in the Lucky 13 counter-measure could make it ineffective when hardware accelerators are used, potentially allowing an active network attacker to recover plaintext after repeated timing measurements under certain conditions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.