CVE-2024-28960
Mbed TLS vulnerability analysis and mitigation

Overview

An issue was discovered in Mbed TLS versions 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The vulnerability involves insecure handling of shared memory in PSA Crypto APIs, where the implementation does not properly protect shared memory access between different protection domains (Mbed Advisory).

Technical details

The vulnerability affects products that use Mbed TLS to provide an implementation of the PSA Crypto API with domain isolation between API callers (client application) and the API implementation (crypto server), where communication is done through shared memory. The issue arises when a function takes parameters in memory shared with an untrusted protection domain, allowing the untrusted domain to access and modify the shared memory during function execution. This can lead to inconsistent data validation, modification of intermediate results, and potential leakage of confidential information (Mbed Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 8.2 HIGH (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) (NVD).

Impact

The vulnerability can allow unprivileged applications to break security guarantees expected from domain isolation between them and a crypto server. Known problematic scenarios include: 1) Buffer overread possibilities in the crypto server during RSA public key or key pair import operations, 2) Bypass of key policy restrictions during RSA signature operations, and 3) Unauthorized signing capabilities when memory is shared directly between untrusted applications and the crypto server (Mbed Advisory).

Mitigation and workarounds

Users should upgrade to Mbed TLS 2.28.8 or Mbed TLS 3.6.0 and ensure that the configuration option MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is disabled. For systems that cannot immediately upgrade, a workaround is available where crypto servers can copy inputs from shared memory into server-owned memory buffers before processing, and copy outputs back to shared memory afterward. Applications using Mbed TLS as a library within their own process space are not affected by this vulnerability (Mbed Advisory, Fedora Update).
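The following C program is an added illustration, not Mbed TLS code, of the hazard described in the technical details above and of the copy-in/copy-out workaround from the mitigation paragraph. It models a crypto server that receives a request through a buffer shared with an untrusted client domain. The request format, the "printable ASCII" validation rule, the XOR "tag" standing in for a signature, and the peer hook that simulates the client writing concurrently are all constructed assumptions; real PSA policy checks and signing are far more involved, but the validate-then-re-read defect and its fix have the same shape.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a crypto server reading a request from memory it
 * shares with an untrusted client domain. Not Mbed TLS source. */

#define MAX_MSG 32

/* Hook standing in for the untrusted client domain, which keeps running
 * (and writing) while the server is between validation and use. */
typedef void (*peer_write_fn)(uint8_t *shared_in, size_t len);

/* Validation rule the server enforces before processing (constructed):
 * every byte must be printable ASCII. */
static int message_is_valid(const uint8_t *msg, size_t len)
{
    if (len == 0 || len > MAX_MSG)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (msg[i] < 0x20 || msg[i] > 0x7E)
            return 0;
    return 1;
}

/* Toy "signature": XOR fold of the message (constructed, not cryptography). */
static uint8_t toy_tag(const uint8_t *msg, size_t len)
{
    uint8_t t = 0;
    for (size_t i = 0; i < len; i++)
        t ^= msg[i];
    return t;
}

/* Vulnerable pattern: validate the bytes in shared memory, then read shared
 * memory again when processing. Returns 0 on success, -1 on rejection. */
int server_sign_unsafe(uint8_t *shared_in, size_t len, uint8_t *shared_out,
                       peer_write_fn peer)
{
    if (!message_is_valid(shared_in, len))
        return -1;
    if (peer)
        peer(shared_in, len);          /* client domain writes concurrently */
    /* Second read of shared_in: these may no longer be the validated bytes. */
    *shared_out = toy_tag(shared_in, len);
    return 0;
}

/* Hardened pattern (the advisory's workaround): copy the input into
 * server-owned memory once, validate and process only that local copy, and
 * write the result to shared memory only once it is final. */
int server_sign_safe(uint8_t *shared_in, size_t len, uint8_t *shared_out,
                     peer_write_fn peer)
{
    uint8_t local_in[MAX_MSG];
    uint8_t local_out;

    if (len > MAX_MSG)                 /* bound the size parameter first */
        return -1;
    memcpy(local_in, shared_in, len);  /* copy-in: the only read of shared_in */
    if (!message_is_valid(local_in, len))
        return -1;
    if (peer)
        peer(shared_in, len);          /* cannot affect local_in any more */
    local_out = toy_tag(local_in, len);
    *shared_out = local_out;           /* copy-out: final result only */
    return 0;
}

/* Constructed peer behaviour: replace the first byte with a value that the
 * server's own validation rule rejects. */
static void peer_corrupts_first_byte(uint8_t *shared_in, size_t len)
{
    if (len > 0)
        shared_in[0] = 0x00;
}

/* Run one server variant on the constructed request "HELLO" with the
 * corrupting peer active. Returns the tag written to shared output, or -1
 * if the server rejected the request. */
static int run_demo(int (*server)(uint8_t *, size_t, uint8_t *, peer_write_fn))
{
    uint8_t shared_in[MAX_MSG];
    uint8_t shared_out = 0;
    const char *msg = "HELLO";
    size_t len = strlen(msg);

    memcpy(shared_in, msg, len);
    if (server(shared_in, len, &shared_out, peer_corrupts_first_byte) != 0)
        return -1;
    return shared_out;
}

int demo_unsafe_tag(void) { return run_demo(server_sign_unsafe); }
int demo_safe_tag(void)   { return run_demo(server_sign_safe); }
```

Both servers accept the request, but the unsafe one signs bytes it never validated (its tag is computed over "\0ELLO"), while the hardened one signs exactly the validated copy. The same reasoning applies to output buffers: writing intermediate results into shared memory exposes them to the other domain, so the hardened path keeps them local until the end.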

This report was generated using AI.
