An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
https://bugs.gentoo.org/740108
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
Source: Mitre, NVD
Published: 2021-07-19
Updated: 2023-01-11
Base Score: 1.9
Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N
Severity: Low
Base Score: 4.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: Medium
EPSS: 0.00066