PT-2021-6586 · Arm · Arm Mbed TLS

Kfyatek · Published 2020-09-02 · Updated 2025-08-21 · CVE-2020-36424

CVSS v2.0: 6.3 Medium
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.24.0

Description: An issue in Arm Mbed TLS allows an attacker to recover a private key via a side-channel attack against the generation of base blinding/unblinding values, potentially affecting RSA or static Diffie-Hellman. This could lead to unauthorized access to confidential data through information disclosure caused by an inconsistency in the TLS/SSL protocol implementation.

Recommendations: For Arm Mbed TLS versions prior to 2.24.0, update to version 2.24.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.
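To make the affected step concrete, the following added example (not Mbed TLS code, and making no claim about how Mbed TLS computes these values) shows what the RSA base blinding value Vi = r^e mod n and unblinding value Vf = r^-1 mod n are, how they mask the attacker-chosen base before the private exponentiation, and a check that the blinded and plain results agree. The key is a constructed demo key from two Mersenne primes, and Python's pow is not constant-time, so this illustrates the algebra only, not a hardened implementation.

```python
import secrets
from math import gcd

# Constructed demo key (illustration only, far too small for real use)
P = 2**127 - 1          # Mersenne prime M127
Q = 2**89 - 1           # Mersenne prime M89
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)     # private exponent


def rsa_private_plain(c, d=D, n=N):
    """Unblinded private operation: d acts directly on the attacker-chosen base c."""
    return pow(c, d, n)


def make_blinding_pair(e=E, n=N):
    """Generate a fresh base blinding value Vi = r^e mod n and its unblinding
    value Vf = r^-1 mod n for a random r coprime to n. The advisory above concerns
    side-channel leakage from exactly this generation step; here it is done with
    non-constant-time Python arithmetic purely to show the values involved."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    return pow(r, e, n), pow(r, -1, n)


def rsa_private_blinded(c, d=D, n=N):
    """Blinded private operation: the exponentiation sees c * r^e, not c itself."""
    vi, vf = make_blinding_pair()
    blinded = (c * vi) % n          # mask the base with r^e
    m_blind = pow(blinded, d, n)    # equals m * r mod n
    return (m_blind * vf) % n       # strip r with the unblinding value


def check_roundtrip(m):
    """Encrypt m with the public key and confirm both private paths recover it."""
    c = pow(m, E, N)
    return rsa_private_blinded(c) == rsa_private_plain(c) == m
```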

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

ALT-PU-2020-2711
ALT-PU-2021-2234
ALT-PU-2025-10462
BDU:2022-01852
CVE-2020-36424
DLA-3249-1

Affected Products

Alt Linux
Arm Mbed Tls
Astra Linux