VYPR
Medium severity5.3NVD Advisory· Published Dec 15, 2022· Updated Jun 5, 2026

CVE-2022-46392

CVE-2022-46392

Description

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Arm/MbedTLS3 versions
    cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*range: <2.28.2
    • cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*range: >=3.0.0,<3.3.0
    • (no CPE)range: <2.28.2, <3.3.0
  • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
  • Mbed TLS/Mbed TLSdescription

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.