CVE-2020-36425
Mbed TLS vulnerability analysis and mitigation

Overview

An issue was discovered in Arm Mbed TLS before version 2.24.0 (CVE-2020-36425). The vulnerability relates to how the library handles certificate revocation via Certificate Revocation Lists (CRLs). The software incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. This vulnerability was discovered and reported by yuemonangong, and independently reported and fixed by Raoul Strackx and Jethro Beekman (GitHub Issue, GitHub PR).

Technical details

The vulnerability stems from the implementation checking if the revocationDate field in CRLs was in the past before considering a certificate as revoked. This behavior was particularly problematic in two scenarios: 1) On builds without MBEDTLS_HAVE_TIME_DATE, certificates were never considered as revoked because the time check would always fail, and 2) On builds with MBEDTLS_HAVE_TIME_DATE, an attacker with control over the local clock could prevent certificate revocation by manipulating the system time. The issue was fixed by removing the revocationDate check entirely, bringing the implementation in line with RFC 5280 specifications (GitHub Release).
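The following C program is an added illustration, not code from Mbed TLS or from the original report. It models the revocation decision before and after the fix so the two failure scenarios can be compared directly. All type and function names are hypothetical, and the CRL entry and clock values are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not Mbed TLS source: all names here are hypothetical. */
typedef struct {
    unsigned char serial[4];   /* certificate serial number listed in the CRL */
    long revocation_date;      /* revocationDate as seconds since the epoch */
} crl_entry;

/* Models the time helper. have_time_date == 0 stands for a build without
 * MBEDTLS_HAVE_TIME_DATE, where no date is ever judged to be in the past. */
static int time_is_past(long when, int have_time_date, long local_clock)
{
    return have_time_date && when < local_clock;
}

/* Pre-fix behaviour: a serial match counts only if revocationDate has passed. */
int revoked_before_fix(const unsigned char serial[4], const crl_entry *crl,
                       size_t n, int have_time_date, long local_clock)
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(serial, crl[i].serial, 4) == 0 &&
            time_is_past(crl[i].revocation_date, have_time_date, local_clock))
            return 1;
    return 0;
}

/* Post-fix behaviour: being listed in the CRL is sufficient. */
int revoked_after_fix(const unsigned char serial[4], const crl_entry *crl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(serial, crl[i].serial, 4) == 0)
            return 1;
    return 0;
}

/* Constructed sample data: one CRL entry revoked at t = 1600000000. */
const crl_entry SAMPLE_CRL[] = { { {0x01, 0x02, 0x03, 0x04}, 1600000000L } };
const unsigned char LISTED[4]   = {0x01, 0x02, 0x03, 0x04};
const unsigned char UNLISTED[4] = {0x0a, 0x0b, 0x0c, 0x0d};

int main(void)
{
    printf("honest clock:   %d\n", revoked_before_fix(LISTED, SAMPLE_CRL, 1, 1, 1700000000L));
    printf("rewound clock:  %d\n", revoked_before_fix(LISTED, SAMPLE_CRL, 1, 1, 1500000000L));
    printf("no time source: %d\n", revoked_before_fix(LISTED, SAMPLE_CRL, 1, 0, 0));
    printf("after fix:      %d\n", revoked_after_fix(LISTED, SAMPLE_CRL, 1));
    return 0;
}
```

Only the first pre-fix call reports the listed certificate as revoked. The post-fix function gives the same answer regardless of clock state or build configuration.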

Impact

The vulnerability could allow an attacker to bypass certificate revocation checks in two ways: either by exploiting systems without time functionality where certificates would never be considered revoked, or by manipulating the local clock on systems with time functionality to prevent certificate revocation. This was particularly concerning in secure enclave environments where an untrusted operating system could control the clock (GitHub Release).

Mitigation and workarounds

The issue has been fixed in multiple versions of Mbed TLS: version 2.24.0 for the main branch, version 2.16.8 for the 2.16 LTS branch, and version 2.7.17 for the 2.7 LTS branch. The fix involves removing the revocationDate check when processing CRLs, aligning the implementation with RFC 5280 specifications. Users are recommended to upgrade to these versions or later to address the vulnerability (GitHub Release 2.24.0, GitHub Release 2.16.8, GitHub Release 2.7.17).

Community reactions

The vulnerability was initially reported through GitHub's issue tracking system and generated significant discussion within the security community. The fix was developed collaboratively, with multiple security researchers independently identifying and reporting the issue. The Debian Linux distribution also acknowledged the severity of the issue by including it in their security updates (Debian Security).


Source: This report was generated using AI

Related Mbed TLS vulnerabilities:

CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
CVE-2025-47917 | CRITICAL | 9.8 | Mbed TLS | mbedtls | No | Yes | Jul 20, 2025
CVE-2025-48965 | HIGH | 7.5 | Mbed TLS | mbedtls | No | Yes | Jul 20, 2025
CVE-2025-54764 | MEDIUM | 6.2 | Mbed TLS | mbedtls-debugsource | No | Yes | Oct 20, 2025
CVE-2025-59438 | MEDIUM | 5.3 | Mbed TLS | mbedtls-doc | No | Yes | Oct 21, 2025
CVE-2025-49087 | LOW | 3.7 | Mbed TLS | cpe:2.3:a:arm:mbed_tls | No | Yes | Jul 20, 2025
