Wind River Support Network

HomeDefectsLIN1021-6572
Fixed

LIN1021-6572 : Security Advisory - mbedtls - CVE-2019-16910

Created: Sep 24, 2023    Updated: Sep 24, 2023
Resolved Date: Sep 24, 2023
Previous ID: LIN1022-5474
Found In Version: 10.21.20.7
Fix Version: 10.21.20.19
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

CREATE(Triage):(User=admin) CVE-2019-16910 (https://nvd.nist.gov/vuln/detail/CVE-2019-16910)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube