FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
056ea107-5729-11ea-a2f3-001cc0382b2f	Mbed TLS -- Cache attack against RSA key import in SGX Janos Follath reports: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. The attack only requires access to fine grained measurements to cache usage. Therefore the attack might be applicable to a scenario where Mbed TLS is running in TrustZone secure world and the attacker controls the normal world or possibly when Mbed TLS is part of a hypervisor and the adversary has full control of a guest OS. Discovery 2020-02-18 Entry 2020-02-24 mbedtls < 2.16.5 https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

VuXML ID

Description

056ea107-5729-11ea-a2f3-001cc0382b2f

Mbed TLS -- Cache attack against RSA key import in SGX

Janos Follath reports:

If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported.

The attack only requires access to fine grained measurements to cache usage. Therefore the attack might be applicable to a scenario where Mbed TLS is running in TrustZone secure world and the attacker controls the normal world or possibly when Mbed TLS is part of a hypervisor and the adversary has full control of a guest OS.

Discovery 2020-02-18
Entry 2020-02-24
mbedtls

< 2.16.5

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02