PT-2024-2509 · Arm · Mbed TLS

Published: 2024-03-25 · Updated: 2026-05-05 · CVE-2024-28960

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mbed TLS versions 2.18.0 through 2.28.x before 2.28.8
Mbed TLS versions 3.x before 3.6.0
Mbed Crypto (affected versions not specified)

Description

The PSA Crypto API in Mbed TLS and Mbed Crypto mishandles shared memory, which can be exploited to impact the confidentiality, integrity, and availability of data. The issue is related to insufficient spatial separation.

Recommendations

For Mbed TLS versions 2.18.0 through 2.28.x before 2.28.8, update to version 2.28.8 or later.
For Mbed TLS versions 3.x before 3.6.0, update to version 3.6.0 or later.
For Mbed Crypto, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the PSA Crypto API to minimize the risk of exploitation.

Weakness Enumeration

Improper Access Control

Related Identifiers

ALT-PU-2025-10462
AZL-47703
BDU:2024-02490
CVE-2024-28960
MGASA-2024-0146
OPENSUSE-SU-2024:13813-1

Affected Products

Alt Linux
Astra Linux
Debian
Mbed Crypto
Mbed TLS
RED OS