exploitDog

CVE-2024-28960

Published: 29 Mar 2024
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

A flaw was found in Mbed TLS. When a function takes parameters in memory that is shared with another protection domain (process, partition, etc.) that is untrusted, the untrusted domain can access the shared memory during the execution of the function, which can compromise various security properties and lead to data modification or information disclosure.

Report

This vulnerability affects products that use Mbed TLS to provide an implementation of the PSA Crypto API with domain isolation between API callers (“client application”) and the API implementation (“crypto server”), where communication is done through shared memory. Applications that use Mbed TLS as a library inside their own process space are not affected.

Additional information

Status: Moderate
Defect: CWE-653
https://bugzilla.redhat.com/show_bug.cgi?id=2272172 mbedtls: Insecure handling of shared memory in PSA Crypto APIs

EPSS

Percentile: 40%
0.0018
Low

CVSS3

5.3 Medium

Related vulnerabilities

CVSS3: 8.2
ubuntu
almost 2 years ago

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

CVSS3: 8.2
nvd
almost 2 years ago

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

CVSS3: 8.2
msrc
more than 1 year ago

No description available

CVSS3: 8.2
debian
almost 2 years ago

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28. ...

CVSS3: 8.2
github
almost 2 years ago

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
