CVE-2024-23170 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-23170 Interim 1 5 2025-02-16T01:36:19Z current 2024-01-31T00:08:58Z 2025-02-16T01:36:19Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-23170 An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFW4YTDRTJEE3RUQXN4MRJ2SIL4ISBZT/ E-Mail link for openSUSE-SU-2024:0037-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP5 openSUSE Leap 15.5 openSUSE Tumbleweed libeverest-3.5.2-1.1 libeverest-x86-64-v3-3.5.2-1.1 libmbedcrypto15-3.5.2-1.1 libmbedcrypto15-x86-64-v3-3.5.2-1.1 libmbedcrypto7-2.28.7-1.1 libmbedcrypto7-2.28.7-bp155.2.3.1 libmbedcrypto7-32bit-2.28.7-bp155.2.3.1 libmbedcrypto7-64bit-2.28.7-bp155.2.3.1 libmbedcrypto7-x86-64-v3-2.28.7-1.1 libmbedtls14-2.28.7-1.1 libmbedtls14-2.28.7-bp155.2.3.1 libmbedtls14-32bit-2.28.7-bp155.2.3.1 libmbedtls14-64bit-2.28.7-bp155.2.3.1 libmbedtls14-x86-64-v3-2.28.7-1.1 libmbedtls20-3.5.2-1.1 libmbedtls20-x86-64-v3-3.5.2-1.1 libmbedx509-1-2.28.7-1.1 libmbedx509-1-2.28.7-bp155.2.3.1 libmbedx509-1-32bit-2.28.7-bp155.2.3.1 libmbedx509-1-64bit-2.28.7-bp155.2.3.1 libmbedx509-1-x86-64-v3-2.28.7-1.1 libmbedx509-6-3.5.2-1.1 libmbedx509-6-x86-64-v3-3.5.2-1.1 libp256m-3.5.2-1.1 libp256m-x86-64-v3-3.5.2-1.1 mbedtls-2-devel-2.28.7-1.1 mbedtls-devel-2.28.7-bp155.2.3.1 mbedtls-devel-3.5.2-1.1 libmbedcrypto7-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedcrypto7-32bit-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedcrypto7-64bit-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedtls14-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedtls14-32bit-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedtls14-64bit-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedx509-1-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedx509-1-32bit-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedx509-1-64bit-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 mbedtls-devel-2.28.7-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 libmbedcrypto7-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedcrypto7-32bit-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedcrypto7-64bit-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedtls14-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedtls14-32bit-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedtls14-64bit-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedx509-1-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedx509-1-32bit-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libmbedx509-1-64bit-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 mbedtls-devel-2.28.7-bp155.2.3.1 as a component of openSUSE Leap 15.5 libeverest-3.5.2-1.1 as a component of openSUSE Tumbleweed libeverest-x86-64-v3-3.5.2-1.1 as a component of openSUSE Tumbleweed libmbedcrypto15-3.5.2-1.1 as a component of openSUSE Tumbleweed libmbedcrypto15-x86-64-v3-3.5.2-1.1 as a component of openSUSE Tumbleweed libmbedcrypto7-2.28.7-1.1 as a component of openSUSE Tumbleweed libmbedcrypto7-x86-64-v3-2.28.7-1.1 as a component of openSUSE Tumbleweed libmbedtls14-2.28.7-1.1 as a component of openSUSE Tumbleweed libmbedtls14-x86-64-v3-2.28.7-1.1 as a component of openSUSE Tumbleweed libmbedtls20-3.5.2-1.1 as a component of openSUSE Tumbleweed libmbedtls20-x86-64-v3-3.5.2-1.1 as a component of openSUSE Tumbleweed libmbedx509-1-2.28.7-1.1 as a component of openSUSE Tumbleweed libmbedx509-1-x86-64-v3-2.28.7-1.1 as a component of openSUSE Tumbleweed libmbedx509-6-3.5.2-1.1 as a component of openSUSE Tumbleweed libmbedx509-6-x86-64-v3-3.5.2-1.1 as a component of openSUSE Tumbleweed libp256m-3.5.2-1.1 as a component of openSUSE Tumbleweed libp256m-x86-64-v3-3.5.2-1.1 as a component of openSUSE Tumbleweed mbedtls-2-devel-2.28.7-1.1 as a component of openSUSE Tumbleweed mbedtls-devel-3.5.2-1.1 as a component of openSUSE Tumbleweed An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. CVE-2024-23170 SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedtls14-32bit-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedtls14-64bit-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1 SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedtls14-32bit-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedtls14-64bit-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1 openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1 openSUSE Tumbleweed:libeverest-3.5.2-1.1 openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1 openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1 openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1 openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1 openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1 openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1 openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1 openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1 openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1 openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1 openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1 openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1 openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1 openSUSE Tumbleweed:libp256m-3.5.2-1.1 openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1 openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1 openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1 moderate 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N