CVE-2021-24119
openSUSE Security Advisory - openSUSE-SU-2021:1389-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
An update that fixes one vulnerability is now available. This update for mbedtls fixes the following issue: a side-channel vulnerability in base64 PEM decoding [boo#1189589]. The fix guards against a strong local side-channel attack on the base64 tables by making access to them use constant flow code.
Timeline
- 2021-01-14 CVE Reserved
- 2021-07-14 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-03 EPSS Updated
CWE
- CWE-203: Observable Discrepancy
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/ARMmbed/mbedtls/releases | Release Notes | |
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md | Release Notes | |
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Arm | Mbed Tls | < 2.26.0 | - | Affected |
Fedoraproject | Fedora | 33 | - | Affected |
Fedoraproject | Fedora | 34 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |