Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NArm Mbed Tls
APPArm< 3.6.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Race Condition
CWE
Powiązane podatności
CVE-2026-34877CRITICAL9.8PL ✓ten sam produkt
RCE przez deserializację kontekstu SSL w Mbed TLS
CVE-2026-34872CRITICAL9.1PL ✓ten sam produkt
Brak weryfikacji wkładu strony w FFDH w Mbed TLS i TF-PSA-Crypto
CVE-2022-46393CRITICAL9.8ten sam produkt
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer...
CVE-2022-35409CRITICAL9.1ten sam produkt
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthentic...
CVE-2021-44732CRITICAL9.8ten sam produkt
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl...