CVE-2021-36647

NameCVE-2021-36647
DescriptionUse of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4236-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mbedtls (PTS)bullseye2.16.9-0.1vulnerable
bullseye (security)2.16.9-0.1+deb11u1fixed
bookworm2.28.3-1fixed
trixie3.6.3-1fixed
sid3.6.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mbedtlssourcebullseye2.16.9-0.1+deb11u1DLA-4236-1
mbedtlssource(unstable)2.16.11-0.1

Notes

[buster] - mbedtls <no-dsa> (Minor issue)
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
Search for package or bug name: Reporting problems