CVE-2020-10932

Name: CVE-2020-10932
Creator: NVD / NIST
Published: 2020-04-15T14:15:20.123+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.7/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2020-10932 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

Metrics

CVSS 3.1

4.7/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.25%

15.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Arm	Mbed Tls	>= 2.7.0, < 2.7.15
Trustedfirmware	Mbed Tls	>= 2.16.0, < 2.16.6
Fedoraproject	Fedora	31
Fedoraproject	Fedora	32
Debian	Debian Linux	10.0

References

https://lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/Mailing List, Third Party Advisory
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-releasedRelease Notes
https://tls.mbed.org/tech-updates/security-advisoriesVendor Advisory
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/Mailing List, Third Party Advisory
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-releasedRelease Notes
https://tls.mbed.org/tech-updates/security-advisoriesVendor Advisory
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04Vendor Advisory

Timeline

Published: Apr 15, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-10932?

How severe is CVE-2020-10932?

CVE-2020-10932 has a CVSS score of 4.7/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2020-10932?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-10932?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST