CVE-2021-24119

EUVD-2021-11034
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
armmbed_tls
𝑥
< 2.26.0
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mbedtls
bookworm
2.28.3-1
fixed
bullseye
no-dsa
sid
3.6.2-1
fixed
trixie
2.28.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mbedtls
bionic
needs-triage
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
polarssl
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
ignored
Common Weakness Enumeration
References
https://github.com/ARMmbed/mbedtls/releases
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/
https://github.com/ARMmbed/mbedtls/releases
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/