CVE-2022-46392

Name	CVE-2022-46392
Description	An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4236-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mbedtls (PTS)	bullseye	2.16.9-0.1	vulnerable
	bullseye (security)	2.16.9-0.1+deb11u3	fixed
	bookworm	2.28.3-1	fixed
	forky, sid, trixie	3.6.4-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mbedtls	source	bullseye	2.16.9-0.1+deb11u1		DLA-4236-1
mbedtls	source	(unstable)	2.28.2-1

Notes

[buster] - mbedtls <postponed> (Minor issue)
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Issue is most likely related to library/bignum.c and the mbedtls_mpi_exp_mod function.