An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesnt properly consider the case of a hardware accelerator.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mbed_tls | Arm | * | 2.16.7 (excluding) |
| Mbed_tls | Arm | 2.17.0 (including) | 2.23.0 (excluding) |
| Mbedtls | Ubuntu | bionic | * |
| Mbedtls | Ubuntu | esm-apps/bionic | * |
| Mbedtls | Ubuntu | esm-apps/focal | * |
| Mbedtls | Ubuntu | esm-apps/xenial | * |
| Mbedtls | Ubuntu | focal | * |
| Mbedtls | Ubuntu | groovy | * |
| Mbedtls | Ubuntu | hirsute | * |
| Mbedtls | Ubuntu | impish | * |
| Mbedtls | Ubuntu | kinetic | * |
| Mbedtls | Ubuntu | lunar | * |
| Mbedtls | Ubuntu | mantic | * |
| Mbedtls | Ubuntu | oracular | * |
| Mbedtls | Ubuntu | trusty | * |
| Mbedtls | Ubuntu | upstream | * |
| Mbedtls | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html
References
- https://bugs.gentoo.org/730752
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
- https://bugs.gentoo.org/730752
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html