CVE-2020-10932: 
Mbed TLS vulnerability analysis and mitigation

A side-channel vulnerability (CVE-2020-10932) was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x before 2.7.15. The vulnerability was disclosed in April 2020 and affects the ECDSA implementation in the cryptographic library (NVD).

The vulnerability allows an attacker with precise side-channel measurement capabilities to recover the long-term ECDSA private key through a three-step process: (1) reconstructing the projective coordinate from scalar multiplication by exploiting side channels in affine coordinate conversion, (2) recovering ephemeral scalar bits using a Naccache-Smart-Stern attack from 2003, and (3) employing a lattice attack to obtain the long-term ECDSA private key used for signatures. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

If successfully exploited, this vulnerability could lead to the disclosure of the long-term ECDSA private key, compromising the security of affected systems. The attack is particularly relevant in scenarios where the attacker has access to precise timing and memory access information, such as when attacking an SGX enclave while controlling the untrusted operating system (NVD).

The vulnerability has been fixed in Mbed TLS versions 2.16.6 and 2.7.15. Users are strongly recommended to upgrade to these or later versions to address the security issue. The fix has been incorporated into various distribution packages, including Debian and Fedora (Debian Advisory, Fedora Advisory).