Subject: [ASA-202003-7] mbedtls: private key recovery

Arch Linux Security Advisory ASA-202003-7
=========================================

Severity: High
Date    : 2020-03-11
CVE-ID  : CVE-2019-18222
Package : mbedtls
Type    : private key recovery
Remote  : No
Link    : https://security.archlinux.org/AVG-1104

Summary
=======

The package mbedtls before version 2.16.5-1 is vulnerable to private key
recovery.

Resolution
==========

Upgrade to 2.16.5-1.

# pacman -Syu "mbedtls>=2.16.5-1"

The problem has been fixed upstream in version 2.16.5.

Workaround
==========

None.

Description
===========

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto before 3.0.1
and Mbed TLS before 2.20.0, 2.16.4 or 2.7.13 does not reduce the blinded
scalar before computing the inverse, which allows a local attacker to recover
the private key via side-channel attacks.

Impact
======

A local attacker can recover an ECDSA private key via side-channel attacks.

References
==========

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
https://security.archlinux.org/CVE-2019-18222
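The defect named under Description, modelled as an added example (not Mbed TLS code): only the modular part of ECDSA signing, s = k^-1 * (e + r*d) mod n with the nonce k blinded by a random b, is shown. The group order is P-256's; the private key D, digest E and signature component R are constructed sample values. Both variants return the same s; the difference is whether the value handed to the modular inversion is first reduced mod n, so that its size no longer depends on the secret nonce.

```python
import secrets

# Group order of NIST P-256 (public curve constant); only its size matters here.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

# Constructed sample values (hypothetical, not from the advisory).
D = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF  # private key d
E = 0xFEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210  # digest e
R = 0x3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C  # signature r


def sign_s(k, d, e, r):
    """Unblinded ECDSA s-component: s = k^-1 * (e + r*d) mod n."""
    return (pow(k, -1, N) * (e + r * d)) % N


def sign_s_blinded(k, d, e, r, b, reduce_before_inverse):
    """s via nonce blinding: s = (k*b)^-1 * b * (e + r*d) mod n.

    Returns (s, bit length of the operand handed to the inversion).
    reduce_before_inverse=False inverts the raw product k*b, which is the
    behaviour the advisory describes as the defect; True is the fixed form.
    """
    kb = k * b
    if reduce_before_inverse:
        kb %= N                      # fixed: operand is always < n
    inv = pow(kb, -1, N)             # same mathematical result either way
    return (inv * b * (e + r * d)) % N, kb.bit_length()


def inverse_operand_bits(k, b, reduce_before_inverse):
    """Size of the inversion operand for nonce k and blinding factor b."""
    return sign_s_blinded(k, D, E, R, b, reduce_before_inverse)[1]


if __name__ == "__main__":
    b = secrets.randbelow(N - 1) + 1            # fresh blinding factor in [1, n-1]
    for k in (2, 2**64, 2**128, N - 2):         # nonces of very different sizes
        s0 = sign_s(k, D, E, R)
        s_bug, bits_bug = sign_s_blinded(k, D, E, R, b, False)
        s_fix, bits_fix = sign_s_blinded(k, D, E, R, b, True)
        assert s0 == s_bug == s_fix             # blinding never changes s
        # Unreduced: operand size is about bits(k) + bits(b), so it tracks k.
        # Reduced:   operand size is bounded by bits(n) regardless of k.
        print(f"k bits={k.bit_length():3d}  unreduced operand bits={bits_bug:3d}"
              f"  reduced operand bits={bits_fix:3d}")
```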