PT-2021-7637 · Arm · Mbed TLS

Published 2021-07-07 · Updated 2025-06-30 · CVE-2021-36647

CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Mbed TLS versions prior to 3.0.0
Mbed TLS versions prior to 2.27.0
Mbed TLS versions prior to 2.16.11

Description

The issue is related to the use of a broken or risky cryptographic algorithm in the mbedtls_mpi_exp_mod() function in bignum.c in Mbed TLS. This allows attackers with access to precise enough timing and memory access information, typically an untrusted operating system attacking a secure enclave, to recover the private keys used in RSA.

Recommendations

For versions prior to 3.0.0, update to version 3.0.0 or later. For versions prior to 2.27.0, update to version 2.27.0 or later. For versions prior to 2.16.11, update to version 2.16.11 or later. As a temporary workaround, consider restricting access to the mbedtls_mpi_exp_mod() function in bignum.c until a patch is available.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

ALT-PU-2021-2163
ALT-PU-2021-2172
ALT-PU-2021-2234
AZL-13023
AZL-47713
BDU:2023-00604
CVE-2021-36647
DLA-4236-1

Affected Products

Alt Linux
Debian
Mbed Tls