Bug 2405231 (CVE-2025-54764)
| Summary: | CVE-2025-54764 mbedtls: Mbedtls timing attacks in RSA operations | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
Mbed TLS’s modular inversion routine and GCD routine are vulnerable to local timing attacks in multiple ways. Please see the linked mbed-tls advisory for technical details. When one of the vulnerable RSA functions is used, the vulnerability allows the attacker to fully recover the RSA private key. The side channels in GCD and modular inversion can be exploited by a local attacker.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2405237, 2405238, 2405243, 2405245, 2405246, 2405236, 2405239, 2405240, 2405241, 2405242, 2405244 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-10-20 22:01:45 UTC
|