CVE-2022-46392
5.3 MEDIUMAn issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0
Published: 2022-12-15 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
- CWE
- CWE-203
Affected products
| Vendor | Product |
|---|---|
| arm | fedora, mbed_tls |
| fedoraproject | fedora, mbed_tls |
| trustedfirmware | fedora, mbed_tls |
Description
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2022-46392
- [Other]https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- [Other]https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/
- [Other]https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- [Other]https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- [Other]https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/
Related CVEs
Same vendor
- CVE-2026-45702 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.4 MEDIUM)
- CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)
- CVE-2026-40290 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.8 HIGH)
- CVE-2026-33662 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.5 HIGH)
- CVE-2026-33317 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (8.7 HIGH)
Same CWE
- CVE-2026-11289 — Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via... (6.5 MEDIUM)
- CVE-2026-11284 — Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origi... (6.5 MEDIUM)
- CVE-2026-45294 — FreeScout is a free help desk and shared inbox built with PHP's Laravel framework (5.3 MEDIUM)
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)
- CVE-2025-11145 — Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauth... (7.5 HIGH)