PT-2025-48530 · Julia · Mbedtls Jll
Published 2025-11-21 · Updated 2025-11-21
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Vulnerability
Mbed TLS's modular inversion routine and GCD routine are vulnerable to local
timing attacks in a number of settings discussed below.
These functions are used in RSA, making the following operations vulnerable in
all configurations:
- RSA key generation with any API (mbedtls_rsa_gen_key() and all psa_generate_key*() functions).
- Use of mbedtls_rsa_complete() to import RSA private keys that are incomplete or not in the standard format. (The only exception is when MBEDTLS_RSA_NO_CRT is enabled and all of N, E, D, P and Q have been set before calling mbedtls_rsa_complete().) (Note: internal uses of mbedtls_rsa_complete() in the library are always safe.)
Additionally, if MBEDTLS_RSA_NO_CRT is enabled, the following operations are
also vulnerable:
- Import of RSA key pairs with psa_import_key().
- Export of RSA key pairs with any key export API (PSA, PK).
Additionally, if MBEDTLS_RSA_NO_CRT and MBEDTLS_USE_PSA_CRYPTO are both
enabled, the following operations are also vulnerable:
- Signature generation with PK (mbedtls_pk_sign(), mbedtls_pk_sign_ext()).
- Decryption with PK (mbedtls_pk_decrypt()).
Elliptic curve cryptography (ECDSA, ECDH, EC-JPAKE) is not affected as the
vulnerable functions are used in a safe way (with blinding).
Finite-field Diffie-Hellman (FFDH) is not affected as it does not use the
vulnerable functions.
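What "used in a safe way (with blinding)" means in practice, as an added illustration that is not Mbed TLS's own code: an unprotected inversion's control flow is a function of its inputs (here the number of Euclid division steps stands in for time), so a local attacker who can trace it learns the secret; multiplying the secret by a fresh random r before inverting makes the traced value a*r, which is uniform and independent of the secret, and the result is repaired afterwards with one more multiplication. The modulus 65537 and secret 12345 are constructed values, and the mapping to mbedtls_mpi_* calls in the comment is an assumed call sequence, not a wrapper the library ships.

```python
"""Added illustration (not Mbed TLS code): why an unprotected modular
inversion leaks its inputs, and how multiplicative blinding hides them.
Division-step counts stand in for execution time; inputs are constructed."""
import secrets
from math import gcd


def inv_mod_traced(a, n):
    """Extended Euclid.  Returns (a^-1 mod n, number of division steps).

    The step count depends only on (a, n), just as the loop structure of
    an unblinded inversion routine does.  An attacker who can observe the
    loop (interrupt-driven single-stepping, a memory-dependence predictor,
    ...) therefore observes a function of the secret input."""
    old_r, r = a % n, n
    old_s, s = 1, 0
    steps = 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        steps += 1
    if old_r != 1:
        raise ValueError("a is not invertible modulo n")
    return old_s % n, steps


def candidates_from_trace(steps, n):
    """What one unblinded trace tells a local attacker: every a in [1, n)
    whose inversion takes exactly `steps` steps.  Brute force is fine for a
    toy modulus; against a real one the attacker uses the per-step
    control-flow trace instead of just the count."""
    return {a for a in range(1, n)
            if gcd(a, n) == 1 and inv_mod_traced(a, n)[1] == steps}


def inv_mod_blinded(a, n, rng=secrets.randbelow):
    """a^-1 mod n computed without ever running the inversion on a itself.

    Pick a random r coprime to n, invert (a*r) mod n, multiply by r:
    (a*r)^-1 * r = a^-1 * r^-1 * r = a^-1.  The traced value is now a*r,
    uniform over the units of Z/n, so the trace carries no information
    about a.  Assumed Mbed TLS equivalent (not a library wrapper):
    mbedtls_mpi_fill_random() for r, mbedtls_mpi_mul_mpi() +
    mbedtls_mpi_mod_mpi() for a*r, mbedtls_mpi_inv_mod() on that,
    then one more multiply-and-reduce by r."""
    while True:
        r = rng(n - 1) + 1          # uniform in [1, n-1]
        if gcd(r, n) == 1:
            break
    x, steps = inv_mod_traced(a * r % n, n)
    return x * r % n, steps


def demo(n=65537, secret=12345):
    """Constructed example: one secret, one unblinded and one blinded run."""
    inv, steps_unblinded = inv_mod_traced(secret, n)
    cands = candidates_from_trace(steps_unblinded, n)
    inv_b, steps_blinded = inv_mod_blinded(secret, n)
    return {
        "inverse_ok": inv == inv_b == pow(secret, -1, n),
        "unblinded_steps": steps_unblinded,
        "unblinded_candidates": len(cands),   # the secret is always in here
        "blinded_steps": steps_blinded,       # varies from run to run
    }


if __name__ == "__main__":
    print(demo())
```

Run it a few times: the unblinded step count never changes and always narrows the secret to the same candidate set, while the blinded count wanders with r. Blinding does not make the inversion constant-time; it makes the leaked quantity useless, which is why the advisory treats the ECC paths as safe and direct unblinded calls as vulnerable.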
Direct use of mbedtls_mpi_inv_mod() by applications on secret data is most
likely vulnerable unless you use proper blinding.
Direct use of mbedtls_mpi_gcd() by applications on secret data is most likely
vulnerable, unless the compiler used has __builtin_ctz (GCC 10 and above has
it, earlier versions don't) and does not implement it using a loop (most
architectures have instructions that are more efficient than using a loop).
Impact
When one of the vulnerable RSA functions mentioned above is used, the
vulnerability allows the attacker to fully recover the RSA private key.
When mbedtls_mpi_inv_mod() is directly called by an application (or
mbedtls_mpi_gcd() in a build where it is affected, see above), the
vulnerability allows the attacker to recover both inputs.
Attack settings
The side channels in GCD and modular inversion can be exploited by a local
attacker in a number of circumstances. Two teams independently developed tools
that trace a victim process, recover the inputs to mbedtls_mpi_inv_mod() and
break RSA key generation:
- SSBleed: this uses the Memory Dependence Predictor (MDP) on some Armv9 CPUs.
The attacker only needs to be able to run code on the same core as the victim
but does not need elevated privileges. The proof of concept fully recovers RSA
private keys from mbedtls_rsa_gen_key(), and the same principle applies to
other unblinded uses of mbedtls_mpi_inv_mod().
- M-Step: in a setting where TrustZone-M is used, the M-Step framework allows
the non-secure world to abuse timer interrupts to effectively single-step the
secure world and trace its execution flow. The proofs of concept fully recover
RSA private keys from mbedtls_rsa_gen_key() and mbedtls_rsa_complete().
Several other exploitation paths in RSA are identified. In particular,
mbedtls_mpi_gcd() is found to be vulnerable when Mbed TLS is compiled with a
compiler that does not have __builtin_ctz.
The same functions are most probably also vulnerable in other circumstances
using similar attack techniques: SGX-Step, SEV-Step, microarchitectural
attacks similar to SSBleed...
Credits
SSBleed: Chang Liu from Tsinghua University and Trevor E. Carlson from National University of Singapore
M-Step: Cristiano Rodrigues (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto (University of Minho), Jo Van Bulck (DistriNet, KU Leuven)
Affected versions
All versions of Mbed TLS up to 3.6.4 are affected.
Work-around
Applications that do not generate RSA keys and do not import private RSA keys
with mbedtls_rsa_import() + mbedtls_rsa_complete(), but use other RSA
functions that are only vulnerable with MBEDTLS_RSA_NO_CRT, can recompile
without MBEDTLS_RSA_NO_CRT.
Applications that do not use RSA private keys and do not directly call
mbedtls_mpi_inv_mod() or mbedtls_mpi_gcd() are not affected.
Resolution
Affected users should upgrade to Mbed TLS 3.6.5 or TF-PSA-Crypto 1.0.
Related Identifiers
Affected Products
Mbedtls Jll