Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23170

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Jan, 2024 | 00:00
Updated At-04 Nov, 2025 | 18:23
Rejected At-
Credits

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Jan, 2024 | 00:00
Updated At:04 Nov, 2025 | 18:23
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
vendor-advisory
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
N/A
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-385CWE-385 Covert Timing Channel
Type: CWE
CWE ID: CWE-385
Description: CWE-385 Covert Timing Channel
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Jan, 2024 | 08:15
Updated At:05 Jun, 2026 | 19:38

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Arm Limited
arm
>>mbed_tls>>Versions from 2.0.0(inclusive) to 2.28.7(exclusive)
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
trustedfirmware
trustedfirmware
>>mbed_tls>>Versions from 3.0.0(inclusive) to 3.5.2(exclusive)
cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-203Primarynvd@nist.gov
CWE-385Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-203
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-385
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/cve@mitre.org
N/A
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/cve@mitre.org
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/af854a3a-2127-422b-91ae-364da2661108
N/A
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

121Records found
CVE-2021-26313
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative Code Store Bypass

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationDebian GNU/LinuxBroadcom Inc.Arm Limited
Product-debian_linuxcore_i7-7700kryzen_5_5600xxeon_silver_4214core_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-26314
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative execution with Floating-Point Value Injection

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationFedora ProjectBroadcom Inc.Arm Limited
Product-core_i7-7700kryzen_5_5600xxeon_silver_4214fedoracore_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-16150
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.21%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 00:00
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectArm Limited
Product-mbed_tlsdebian_linuxfedoran/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-13844
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.61%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 22:46
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Action-Not Available
Vendor-n/aopenSUSEArm Limited
Product-cortex-a35_firmwarecortex-a32_firmwarecortex-a32cortex-a73_firmwarecortex-a57cortex-a34cortex-a53_firmwarecortex-a72_firmwarecortex-a72cortex-a35cortex-a73cortex-a53cortex-a34_firmwarecortex-a57_firmwareleapn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-3639
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-44.10% / 97.63%
||
7 Day CHG-2.64%
Published-22 May, 2018 | 12:00
Updated-29 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Oracle CorporationMicrosoft CorporationSiemens AGCanonical Ltd.Debian GNU/LinuxMitel Networks Corp.NVIDIA CorporationSchneider Electric SEIntel CorporationSonicWall Inc.Arm LimitedRed Hat, Inc.
Product-simatic_field_pg_m4enterprise_linux_desktopxeon_e3_1270_v3xeon_e3_12201_v2open_integration_gatewayxeon_e5_2630l_v2xeon_e3_1258l_v4xeon_e3_1260l_v5simatic_ipc677csimatic_ipc547gxeon_e5_2470xeon_e5_2418l_v3xeon_e5_2603_v3sinumerik_pcu_50.5_firmwaresimatic_ipc647c_firmwarexeon_e5_1630_v3simatic_ipc827dxeon_e3_1220_v3xeon_e3_1125c_v2debian_linuxsimatic_field_pg_m5_firmwareitc1900xeon_e5_2620openstackxeon_e3_1220l_v3surface_studiopentium_silveratom_exeon_e5_2609itc2200_pro_firmwarexeon_e5_2620_v2xeon_e3_1265l_v3core_i3enterprise_linux_server_ausmivoice_5000simatic_ipc477e_pro_firmwarexeon_e3_1240_v6simatic_itp1000_firmwareatom_x7-e3950windows_7simatic_s7-1500_firmwarexeon_e3_1225simatic_ipc847d_firmwarexeon_e3_1220_v5xeon_e5_1428l_v3enterprise_linux_euscortex-axeon_e5_2637_v2micloud_management_portalxeon_e3_1230_v2enterprise_linux_serversimatic_ipc677c_firmwarexeon_e5_2643mrg_realtimejetson_tx2itc1500_firmwarexeon_e3_1240_v5simatic_ipc427cxeon_e3_1230_v6sinumerik_tcu_30.3simatic_ipc547exeon_e3_1240_v2xeon_e3_1275_v5simatic_ipc627cxeon_e3_1105c_v2xeon_e5_2609_v3xeon_e3_1285_v3local_service_management_systementerprise_linux_server_tusxeon_e3_1265l_v2xeon_e5_2630_v2simatic_ipc427exeon_e3_1276_v3xeon_e5_2603_v4itc1900_proxeon_e3_1275_v6xeon_e5_2408l_v3simatic_ipc647dceleron_jxeon_e5_2418lpentium_jxeon_e5_2438l_v3simatic_ipc677d_firmwaresimatic_ipc627druggedcom_ape_firmwaresimatic_ipc427d_firmwaresinumerik_tcu_30.3_firmwarexeon_e5_1680_v3virtualization_managerxeon_e3_1268l_v5xeon_e5_1660_v4xeon_e5_2630l_v4xeon_e5_2640xeon_e3_1268l_v3simotion_p320-4ewindows_server_2016xeon_e5_2403_v2simatic_ipc647d_firmwarexeon_e3_1286_v3itc2200simatic_ipc347eubuntu_linuxxeon_e5_2623_v3xeon_e5_2450xeon_e5_2450lxeon_e5_2603_v2xeon_e5_2650l_v3xeon_e3_1280_v6enterprise_linux_workstationsinumerik_840_d_sl_firmwarexeon_e5_2628l_v2xeon_e5_2643_v4itc1900_pro_firmwarexeon_e3_1246_v3solarismivoic_mx-onemivoice_businessxeon_e3_1230_v3xeon_e3_1285l_v3xeon_e5_2430core_i7core_i5xeon_e5_2618l_v3xeon_e5_2620_v4simatic_et_200_spsimatic_ipc847c_firmwarexeon_e3_1226_v3xeon_e5_2630lsimatic_ipc547e_firmwaresimatic_ipc627c_firmwarecloud_global_management_systemvirtualizationxeon_e3_1225_v6xeon_e5xeon_e5_2430l_v2simatic_ipc477e_firmwarexeon_e5_1428l_v2xeon_e5_1620_v3xeon_e3_1260lxeon_e3_1235windows_10surface_bookxeon_e5_2407xeon_e5_2440xeon_e5_2428l_v2xeon_e5_2640_v4xeon_e3_1505l_v5itc2200_proxeon_e3_1280_v3simatic_ipc647cxeon_e3_1245xeon_e5_2618l_v4xeon_e5_2630l_v3xeon_e3_1265l_v4xeon_e7xeon_e3_1231_v3ruggedcom_apexeon_e5_2630_v4xeon_e3_1285_v6windows_server_2012xeon_e5_2618l_v2xeon_e3_1225_v2xeon_e3_1270_v6xeon_e3_1280_v2core_mxeon_e3_1245_v3simatic_ipc427c_firmwarestruxureware_data_center_expertenterprise_linuxxeon_e-1105cjetson_tx1sinema_remote_connect_firmwarexeon_e3_1290xeon_e5_2470_v2xeon_e5_2623_v4simatic_ipc477cglobal_management_systemxeon_e3_1245_v2xeon_e3_1240l_v5simatic_ipc3000_smartxeon_e5_2643_v3xeon_e5_2640_v3itc1500_prosimotion_p320-4e_firmwarexeon_e3_1280xeon_e5_1650xeon_e5_2648l_v3xeon_e5_2609_v4xeon_e3_1505l_v6xeon_goldxeon_e3_1230xeon_e3_1270_v2xeon_e3_1501l_v6xeon_e5_2648l_v4xeon_e3_1275_v3xeon_e3_1220_v6xeon_e3_1281_v3xeon_e5_1650_v3simatic_ipc627d_firmwarexeon_e3_1505m_v5celeron_nsurface_pro_with_lte_advancedxeon_e3_1275l_v3xeon_e3_1501m_v6itc1500xeon_e5_2609_v2surfacexeon_e3_1275_v2atom_x5-e3940xeon_e3_1240mivoice_connectsimatic_itp1000xeon_e5_2430lxeon_e3_1245_v5xeon_e3_1278l_v4xeon_e5_2418l_v2xeon_e5_1680_v4xeon_silverxeon_e5_1660_v2simatic_ipc3000_smart_firmwarexeon_e3_1270_v5xeon_e5_2650itc1900_firmwarexeon_e3_1286l_v3xeon_e3_1230_v5atom_x5-e3930xeon_e5_2643_v2simatic_ipc827c_firmwareatom_cxeon_e5_2450l_v2xeon_e5_2420simatic_ipc827cxeon_e5_2448l_v2xeon_e5_2608l_v4xeon_e5_1620_v4xeon_e5_2630_v3simatic_ipc847cxeon_e3_1230l_v3email_securityxeon_e5_2407_v2xeon_e5_2403xeon_e5_2637_v4xeon_e5_2430_v2xeon_e5_2637xeon_e5_1660simatic_ipc677ditc2200_firmwareweb_application_firewallxeon_e3_1290_v2xeon_e5_1428lxeon_e3_1285l_v4xeon_e5_2630xeon_e3_1285_v4simatic_ipc427e_firmwarexeon_e3_1225_v3xeon_e5_2650l_v2xeon_e3_1225_v5xeon_e5_1630_v4simatic_s7-1500pentiumxeon_e3_1240_v3xeon_e5_2428lwindows_8.1xeon_e5_1620_v2simatic_et_200_sp_firmwaresimatic_ipc347e_firmwarexeon_e5_1650_v4xeon_e5_2648l_v2simatic_ipc477c_firmwarexeon_e3_1270xeon_e5_2608l_v3simatic_field_pg_m5xeon_e3_1280_v5xeon_e5_1660_v3sinumerik_pcu_50.5atom_zxeon_e3_12201secure_mobile_accessxeon_e3_1241_v3simatic_ipc427dsimatic_ipc847dsimatic_ipc477e_proxeon_e5_2620_v3itc1500_pro_firmwarexeon_e5_1650_v2xeon_e5_2648lxeon_e5_2637_v3xeon_e5_2650_v4xeon_e5_2448lsimatic_ipc827d_firmwarexeon_e5_2650_v3simatic_ipc547g_firmwarexeon_e3_1271_v3xeon_platinumxeon_e5_2628l_v3simatic_ipc477d_firmwaresinumerik_840_d_slsimatic_field_pg_m4_firmwaresurface_prosimatic_ipc477exeon_e3_1235l_v5xeon_e5_2450_v2windows_server_2008sonicosvsinema_remote_connectxeon_e5_2640_v2micollabxeon_e5_2628l_v4mivoice_border_gatewayxeon_e5_1620xeon_e5_2650_v2xeon_e5_2650lxeon_e5_2603xeon_e5_2428l_v3xeon_e3_1240l_v3xeon_e5_2420_v2xeon_e3_1220_v2xeon_e5_2440_v2simatic_ipc477dxeon_e3_1245_v6xeon_e3Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-28469
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.82%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.

Action-Not Available
Vendor-n/aArm Limited
Product-valhall_gpu_kernel_driveravalon_gpu_kernel_drivern/a
CWE ID-CWE-416
Use After Free
CVE-2023-28147
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.82%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 00:00
Updated-09 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.

Action-Not Available
Vendor-n/aArm Limited
Product-avalon_gpu_kernel_drivervalhall_gpu_kernel_drivermidgard_gpu_kernel_driverbifrost_gpu_kernel_drivern/a
CVE-2022-33917
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.75% / 73.61%
||
7 Day CHG+0.08%
Published-02 Aug, 2022 | 22:17
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.

Action-Not Available
Vendor-n/aArm Limited
Product-valhall_gpu_kernel_drivern/a
CVE-2023-5091
Matching Score-8
Assigner-Arm Limited
ShareView Details
Matching Score-8
Assigner-Arm Limited
CVSS Score-7||HIGH
EPSS-0.13% / 32.70%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 09:23
Updated-22 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mali GPU Kernel Driver allows improper GPU processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.

Action-Not Available
Vendor-Arm Limited
Product-valhall_gpu_kernel_driverValhall GPU Kernel Driver
CWE ID-CWE-416
Use After Free
CVE-2023-4272
Matching Score-8
Assigner-Arm Limited
ShareView Details
Matching Score-8
Assigner-Arm Limited
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 50.15%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 15:18
Updated-04 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mali GPU Kernel Driver exposes sensitive data from freed memory

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

Action-Not Available
Vendor-Arm Limited
Product-bifrost_gpu_kernel_drivervalhall_gpu_kernel_drivermidgard_gpu_kernel_drivermali_gpu_kernel_driverArm 5th Gen GPU Architecture Kernel DriverBifrost GPU Kernel DriverValhall GPU Kernel DriverMidgard GPU Kernel Driver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-1251
Mirrored Regions with Different Values
CVE-2023-4211
Matching Score-8
Assigner-Arm Limited
ShareView Details
Matching Score-8
Assigner-Arm Limited
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.68%
||
7 Day CHG+0.07%
Published-01 Oct, 2023 | 17:00
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Action-Not Available
Vendor-Arm Limited
Product-bifrost_gpu_kernel_driver5th_gen_gpu_architecture_kernel_drivermidgard_gpu_kernel_drivervalhall_gpu_kernel_driverMidgard GPU Kernel DriverValhall GPU Kernel DriverBifrost GPU Kernel DriverArm 5th Gen GPU Architecture Kernel DriverMali GPU Kernel Driver
CWE ID-CWE-416
Use After Free
CVE-2018-3640
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-1.56% / 81.92%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Action-Not Available
Vendor-Intel CorporationArm Limited
Product-xeon_e3_12201xeon_e3_1225_v3xeon_e5_2450lpentiumxeon_e5_1428lxeon_e5_1620_v3xeon_e5_1620_v4xeon_e3_1240l_v5xeon_e3_1270xeon_e3_1220_v6xeon_e3_1230l_v3xeon_e3_1230_v2xeon_e3_1225_v5xeon_e5_1630_v3xeon_e5_1680_v3xeon_e5_2643_v2xeon_e3_1235xeon_e3_1281_v3xeon_e3_1220l_v3xeon_e5_2450_v2xeon_e5_2408l_v3xeon_e5_1428l_v3xeon_e3_1240_v2xeon_e5_2648lxeon_e3_1276_v3xeon_silverxeon_e5_2609_v4atom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e5_1620_v2xeon_e3_1240xeon_e5_2630_v2xeon_e3_1246_v3xeon_e5_2637core_i7xeon_e-1105cxeon_e5_2448lxeon_e5_2630lxeon_e5_2643xeon_e3_1275l_v3xeon_e3_1105c_v2xeon_e5_2637_v2xeon_e3xeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2xeon_e5_2608l_v3xeon_e3_1501l_v6xeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_1650_v3xeon_e5_2430lxeon_e5_2428l_v3xeon_e3_1240_v5xeon_e5_2430l_v2xeon_e5_2637_v3xeon_e7xeon_e3_1280_v5xeon_e3_1245_v6xeon_e5_2420_v2xeon_e5_2648l_v3core_i3celeron_nxeon_e5_2428lxeon_e3_1505m_v5xeon_e5_1660_v4xeon_e5_2620_v4xeon_e5_2428l_v2core_i5xeon_e3_1235l_v5xeon_e5_1660_v3celeron_jxeon_e5_2407_v2xeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1505l_v5xeon_e3_1230xeon_e3_1225xeon_e3_1245xeon_e5_2630_v4pentium_jxeon_e5_2630l_v3xeon_e3_1241_v3xeon_e3_1275_v2xeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620xeon_e5_2620_v3cortex-axeon_e5_2640_v2xeon_platinumxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2609_v2xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3xeon_e3_1285l_v4xeon_e3_1230_v6xeon_e5_1630_v4xeon_e5_2407xeon_e5_2643_v4xeon_e3_1220_v3xeon_e3_1280_v6xeon_e5_2620pentium_silverxeon_e3_1285_v6xeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1240_v6xeon_e3_1290xeon_e5_2620_v2xeon_e3_1270_v5xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2450l_v2xeon_e5_2630l_v4xeon_e5_2403_v2xeon_e5_2609_v3xeon_e3_1220_v5xeon_e3_1268l_v3xeon_e5_2603xeon_e3_1285_v3xeon_e5_2630_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3xeon_e3_1501m_v6core_mxeon_e5_2650l_v2xeon_e3_1231_v3xeon_e3_1265l_v4xeon_e3_1280_v2xeon_e5_1650xeon_e5_2470xeon_e5_2438l_v3xeon_goldxeon_e5_2603_v3xeon_e3_1286l_v3atom_catom_exeon_e5_2603_v2xeon_e3_1290_v2xeon_e5_1660xeon_e5_2618l_v3xeon_e5_2603_v4xeon_e5_2618l_v2xeon_e3_1220_v2xeon_e3_1270_v6xeon_e3_1280_v3xeon_e3_1225_v2xeon_e3_1271_v3xeon_e3_12201_v2xeon_e5_2623_v4xeon_e3_1270_v2xeon_e5xeon_e3_1280xeon_e5_2640_v3xeon_e5_2628l_v4xeon_e3_1230_v5xeon_e3_1270_v3xeon_e5_2440xeon_e5_2440_v2xeon_e5_2608l_v4xeon_e5_2650xeon_e3_1265l_v3xeon_e5_1650_v2xeon_e3_1258l_v4xeon_e5_2650_v4xeon_e5_2609xeon_e5_2418l_v3xeon_e3_1260l_v5xeon_e5_2650lxeon_e5_2628l_v2xeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2470_v2xeon_e5_2640xeon_e3_1245_v2xeon_e5_2637_v4xeon_e3_1285_v4xeon_e5_2630l_v2xeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2xeon_e5_2403xeon_e3_1260lxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-66442
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.37%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 00:00
Updated-03 Apr, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

Action-Not Available
Vendor-n/aArm Limited
Product-mbed_tlstf-psa-crypton/a
CWE ID-CWE-385
Covert Timing Channel
CVE-2022-48251
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.50%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-03 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

Action-Not Available
Vendor-n/aArm Limited
Product-cortex-a76aecortex-a75cortex-a77_firmwarecortex-a78_firmwarecortex-a55_firmwarecortex-a57cortex-a53_firmwarecortex-a53cortex-a76ae_firmwarecortex-a75_firmwarecortex-a76_firmwarecortex-a78cortex-a73_firmwarecortex-a76cortex-a55cortex-a72_firmwarecortex-a72cortex-a73cortex-a77cortex-a57_firmwaren/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-46392
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.40%
||
7 Day CHG+0.01%
Published-15 Dec, 2022 | 00:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Action-Not Available
Vendor-trustedfirmwaren/aArm LimitedFedora Project
Product-mbed_tlsfedoran/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2017-5753
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-94.27% / 99.94%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 13:00
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Action-Not Available
Vendor-pepperl-fuchsOracle CorporationSiemens AGVMware (Broadcom Inc.)Canonical Ltd.Phoenix Contact GmbH & Co. KGNetApp, Inc.SUSESynology, Inc.openSUSEIntel CorporationArm LimitedDebian GNU/Linux
Product-bl2_bpc_2000bl_bpc_3000_firmwarexeon_e3_1270_v3xeon_e3_12201_v2dl_ppc21.5m_7000bl_ppc12_1000_firmwarevl2_ppc_3000xeon_e5_2630l_v2xeon_e3_1258l_v4xeon_e3_1260l_v5simatic_itc2200_pro_firmwarebl_rackmount_2u_firmwarebl_bpc_2000cortex-r7_firmwarevl2_ppc_3000_firmwarexeon_e5_2470bl_ppc17_1000_firmwarevl_ppc_2000_firmwarexeon_e5_2603_v3vl2_ppc12_1000_firmwarexeon_e5_2418l_v3vl2_bpc_9000_firmwarebl_rackmount_2uvl_bpc_1000_firmwarexeon_e5_1630_v3xeon_e3_1220_v3btc12simatic_itc1900xeon_e3_1125c_v2debian_linuxhcixeon_e5_2620cortex-a12cortex-a57simatic_itc1900_pro_firmwarexeon_e3_1220l_v3cortex-a78aecore_m7cortex-a17xeon_bronze_3104dl_ppc15m_7000atom_evirtual_machine_managerxeon_e5_2609xeon_phixeon_e5_2620_v2xeon_e3_1265l_v3core_i3bl_ppc_1000xeon_e3_1240_v6atom_x7-e3950suse_linux_enterprise_serverxeon_e3_1225xeon_e3_1220_v5xeon_e5_1428l_v3cortex-a15xeon_e5_2637_v2bl_bpc_7000_firmwarexeon_e3_1230_v2bl_bpc_3001cortex-a9_firmwarebl2_ppc_2000vl2_ppc12_1000xeon_e5_2643valueline_ipc_firmwarecortex-a72_firmwarexeon_e3_1240_v5cortex-a15_firmwarexeon_e3_1230_v6cortex-a76_firmwarexeon_e3_1240_v2simatic_itc2200_proxeon_e3_1275_v5xeon_e3_1105c_v2xeon_e5_2609_v3neoverse_n2_firmwarebtc14_firmwarexeon_e3_1285_v3vl2_bpc_7000_firmwarelocal_service_management_systemel_ppc_1000simatic_winac_rtx_\(f\)_2010xeon_e3_1265l_v2xeon_e5_2630_v2bl2_bpc_2000_firmwareel_ppc_1000\/wt_firmwarexeon_e3_1276_v3cortex-a17_firmwarexeon_e5_2603_v4xeon_e3_1275_v6xeon_e5_2408l_v3cortex-a78_firmwaresimatic_itc1900_firmwareceleron_jxeon_e5_2418lvs960hdsimatic_itc1900_propentium_jxeon_e5_2438l_v3workstationxeon_e5_1680_v3xeon_e3_1268l_v5bl_ppc_7000_firmwarexeon_e5_1660_v4diskstation_managerxeon_e5_2630l_v4suse_linux_enterprise_software_development_kitbl_rackmount_4u_firmwarexeon_e5_2640xeon_e3_1268l_v3vl2_ppc_1000atom_x3cortex-x1_firmwarexeon_e5_2403_v2esxixeon_e3_1286_v3simatic_winac_rtx_\(f\)_2010_firmwarevl_ipc_p7000_firmwareubuntu_linuxxeon_e5_2623_v3xeon_e5_2450dl_ppc15_1000_firmwarexeon_e5_2450lxeon_e5_2603_v2vl_ipc_p7000xeon_e5_2650l_v3xeon_e3_1280_v6cortex-r7neoverse_n1xeon_e5_2628l_v2xeon_e5_2643_v4xeon_e3_1246_v3solarisbl_rackmount_4uxeon_e3_1230_v3xeon_e3_1285l_v3xeon_e5_2430bl_bpc_2000_firmwarecore_i7core_i5xeon_e5_2618l_v3bl2_ppc_7000xeon_e5_2620_v4core_m5xeon_e5_2630lxeon_e3_1226_v3simatic_itc2200_firmwarebl_bpc_2001bl_ppc_1000_firmwarexeon_e3_1225_v6dl_ppc18.5m_7000_firmwarexeon_e5xeon_e5_2430l_v2xeon_e5_1428l_v2bl_ppc17_3000_firmwarexeon_e5_1620_v3simatic_itc1500_pro_firmwarexeon_e3_1260lxeon_e3_1235vl_ppc_3000_firmwarevl2_bpc_3000xeon_e5_2407xeon_e5_2440simatic_itc1500_prosimatic_itc1500_firmwarebl_ppc15_7000bl_ppc12_1000xeon_e5_2428l_v2bl_bpc_7000xeon_e5_2640_v4vl2_bpc_2000xeon_e3_1505l_v5xeon_e3_1280_v3vl2_ppc7_1000xeon_e3_1245xeon_e5_2618l_v4xeon_e5_2630l_v3bl_ppc15_1000xeon_e3_1265l_v4bl_ppc17_1000xeon_e7xeon_e3_1231_v3cortex-a8_firmwarexeon_e5_2630_v4xeon_e3_1285_v6xeon_e3_1225_v2xeon_e5_2618l_v2suse_linux_enterprise_desktopxeon_e3_1270_v6xeon_e3_1280_v2core_mxeon_e3_1245_v3bl2_ppc_7000_firmwarecortex-a73vl2_bpc_1000core_m3xeon_e-1105ccortex-a77xeon_e3_1290xeon_e5_2470_v2bl2_ppc_1000_firmwarexeon_e5_2623_v4xeon_e3_1245_v2bl_bpc_3000vl2_bpc_3000_firmwarexeon_e3_1240l_v5bl_ppc17_7000_firmwarexeon_e5_2643_v3xeon_e5_2640_v3xeon_e3_1280xeon_e5_1650xeon_e5_2648l_v3xeon_e5_2609_v4xeon_e3_1505l_v6xeon_goldsolidfirevalueline_ipccortex-a75xeon_e3_1230xeon_e3_1270_v2xeon_e3_1501l_v6xeon_e5_2648l_v4cortex-a72xeon_e3_1275_v3xeon_e3_1220_v6xeon_e3_1281_v3xeon_e5_1650_v3cortex-r8_firmwarebl_ppc15_1000_firmwareneoverse_n1_firmwarebl_bpc_7001xeon_e3_1505m_v5celeron_nvl2_ppc_7000xeon_e3_1275l_v3xeon_e3_1501m_v6pentium_nxeon_e5_2609_v2vl2_ppc9_1000_firmwarexeon_e3_1275_v2btc14atom_x5-e3940vl2_bpc_2000_firmwarexeonvs360hd_firmwarecortex-a78ae_firmwarecortex-a78neoverse_n2xeon_e3_1240bl_bpc_2001_firmwarexeon_e5_2430lxeon_e3_1245_v5xeon_e3_1278l_v4xeon_e5_2418l_v2cortex-a73_firmwarexeon_e5_1680_v4el_ppc_1000\/wtbl_ppc17_7000xeon_silverbl2_bpc_7000skynasbl2_ppc_1000bl_bpc_3001_firmwarexeon_e5_1660_v2visunet_rm_shellxeon_e3_1270_v5cortex-a76xeon_e5_2650simatic_itc2200cortex-a77_firmwaredl_ppc15m_7000_firmwarexeon_e3_1286l_v3leapxeon_e3_1230_v5atom_x5-e3930xeon_e5_2643_v2atom_ccortex-a8xeon_bronze_3106simatic_itc1500xeon_e5_2450l_v2xeon_e5_2420xeon_e5_2448l_v2xeon_e5_2608l_v4xeon_e5_1620_v4xeon_e5_2630_v3xeon_e3_1230l_v3xeon_e5_2407_v2bl_ppc15_7000_firmwaredl_ppc15_1000xeon_e5_2403xeon_e5_2637_v4bl_ppc15_3000_firmwarevl_bpc_1000bl2_bpc_1000_firmwarexeon_e3_1275xeon_e5_2430_v2xeon_e5_2637router_managerxeon_e5_1660xeon_e3_1290_v2xeon_e5_1428lel_ppc_1000_firmwarexeon_e3_1285l_v4xeon_e5_2630vl_bpc_2000xeon_e3_1285_v4bl_ppc15_3000btc12_firmwarexeon_e3_1225_v3bl2_bpc_7000_firmwarevl2_bpc_1000_firmwarexeon_e5_2650l_v2xeon_e3_1225_v5xeon_e5_1630_v4xeon_e3_1240_v3xeon_e5_2428lxeon_e5_1620_v2xeon_e5_1650_v4xeon_e5_2648l_v2bl_ppc_7000xeon_e3_1270xeon_e3_1125cfusionbl_ppc17_3000xeon_e5_2608l_v3xeon_e3_1280_v5xeon_e5_1660_v3bl2_bpc_1000vl_bpc_3000cortex-x1vl2_bpc_9000atom_zdl_ppc18.5m_7000xeon_e3_12201xeon_e3_1241_v3vl2_ppc_2000_firmwarevl2_bpc_7000vl2_ppc_2000xeon_e5_2620_v3xeon_e5_1650_v2cortex-a12_firmwarevs960hd_firmwarexeon_e5_2648lxeon_e5_2637_v3xeon_e5_2650_v4el_ppc_1000\/m_firmwarebl_bpc_7001_firmwarexeon_e5_2448lxeon_e5_2650_v3vl2_ppc_9000xeon_e3_1271_v3vl_ppc_2000vl2_ppc_9000_firmwarevl_ppc_3000vs360hdxeon_platinumxeon_e5_2628l_v3vl2_ppc_7000_firmwarevl2_ppc7_1000_firmwarecortex-a57_firmwarevl2_ppc9_1000vl2_ppc_1000_firmwarecortex-r8dl_ppc21.5m_7000_firmwarecortex-a75_firmwarexeon_e3_1235l_v5xeon_e5_2450_v2xeon_e3_1220vl_bpc_3000_firmwarecortex-a9xeon_e5_2640_v2xeon_e5_2628l_v4vl_bpc_2000_firmwareel_ppc_1000\/mxeon_e5_1620xeon_e5_2650_v2xeon_e5_2650lxeon_e5_2603bl2_ppc_2000_firmwarexeon_e5_2428l_v3xeon_e3_1240l_v3xeon_e5_2420_v2xeon_e3_1220_v2xeon_e5_2440_v2xeon_e3_1245_v6xeon_e3Most Modern Operating Systems
CWE ID-CWE-203
Observable Discrepancy
CVE-2017-5715
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-88.48% / 99.52%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 13:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationSiemens AGNetApp, Inc.Intel CorporationCanonical Ltd.Arm Limited
Product-xeon_e3_1230_v3atom_x7-e3950xeon_e3_1505l_v6xeon_phidebian_linuxxeon_e3_1125c_v2xeon_e3_1245_v6xeon_e5_2623_v3xeon_e3_1271_v3xeon_e3_1275_v3xeon_e5_1650communications_diameter_signaling_routersimatic_winac_rtx_\(f\)_2010xeon_e3_1220xeon_e3_1265l_v4core_m5xeon_e5_2603_v4xeon_e5_2407_v2xeon_e3_1285_v4xeon_e5_2630lxeon_e5_2640_v2xeon_e3_1270xeon_e5_1660_v2xeon_e3_1245xeon_e3_1505l_v5xeon_e5_2648lxeon_e5_2450xeon_e5_2609_v2vm_virtualboxxeon_e5_2650xeon_e3_1290xeon_e5_2470_v2xeon_e5_2470xeon_e5_2450l_v2xeon_e5_2630l_v2xeon_e5_2637xeon_e3_1246_v3xeon_e5_2648l_v4xeon_e5_2637_v2xeon_e5_2418l_v3core_i5core_i7xeon_e3xeon_e3_1240_v5xeon_platinumcortex-axeon_e3_1125cxeon_e3_1285_v6xeon_e5_2608l_v4simatic_winac_rtx_\(f\)_firmwarexeon_e5_2643_v4xeon_e5_2650_v2xeon_e5_2650lxeon_e5_1620_v4xeon_e5_1650_v4xeon_e5_2420xeon_e5_2650l_v2xeon_e3_1220l_v3xeon_e3_1278l_v4xeon_e5_2608l_v3xeon_e5_1630_v3xeon_e3_1225xeon_e3_1220_v3xeon_e5_2428l_v2xeon_e7atom_x3xeon_e5_2430lxeon_e3_1275_v6xeon_e3_1275l_v3xeon_e5_1428l_v2xeon_e5_2618l_v2xeon_e5_1428l_v3xeon_e5_2620xeon_e5_1680_v3xeon_e3_1230l_v3xeon_e3_1240l_v3xeon_e3_1230_v5xeon_e5_1650_v2xeon_e5_2603_v2pentium_nxeon_e5_2620_v2xeon_e5_2630_v2xeon_e-1105cxeon_e5_1630_v4xeon_e3_1501m_v6xeon_e5_2407celeron_jxeon_e3_1231_v3xeon_e3_1240l_v5xeon_e3_1260l_v5xeon_e5_2643_v3xeon_e3_1268l_v3atom_zxeon_e5_2438l_v3xeon_e5_2420_v2pentium_jcore_m3xeon_e3_1270_v3xeon_e3_1240_v6xeon_e3_1285l_v4xeon_e3_1501l_v6xeon_e5_2630xeon_e3_1230_v2xeon_e3_1275xeon_e5_2418lxeon_e5_2628l_v3xeon_e3_1105c_v2xeon_e5_2648l_v2xeon_e3_1280_v2xeon_e5_2648l_v3core_i3xeon_e5_2618l_v3xeon_e3_1220_v5xeon_e5_2430_v2xeon_e3_1230_v6xeon_e5_2403_v2celeron_nxeon_e5_1660_v4xeon_e5_2450_v2xeon_e5_2440_v2ubuntu_linuxxeon_e5_2640_v4xeon_e5_2650_v4xeon_e3_1225_v3atom_x5-e3940xeon_e3_1260lxeon_e5_2448lxeon_e3_1235xeon_e5_2628l_v2xeon_e3_1230xeon_e3_1281_v3xeon_e5_1660xeon_e3_1245_v5xeon_e3_1270_v2xeon_e5_2620_v3xeon_e5_2650l_v3core_mxeon_e5_2440xeon_e5_2643_v2xeon_e3_12201atom_ehci_compute_nodexeon_e3_1225_v6xeon_e3_1270_v6xeon_e5_2623_v4xeon_e3_1285_v3xeon_e5xeon_e5_2640_v3xeon_e3_1235l_v5xeon_e5_2609solidfirexeon_e5_2609_v4xeon_e5_2609_v3atom_x5-e3930xeon_e3_12201_v2xeon_e3_1290_v2xeon_e3_1280_v3xeon_e5_2450lxeon_e5_1620_v3xeon_goldxeon_e3_1275_v5xeon_e5_2403xeon_e5_2620_v4xeon_e5_2628l_v4xeon_e5_2618l_v4atom_cxeon_e3_1225_v2xeon_e3_1240xeon_e3_1275_v2xeon_e5_2630l_v3xeon_e3_1220_v6xeon_bronze_3104xeon_e3_1270_v5xeon_e5_2603_v3xeon_bronze_3106xeonxeon_e3_1241_v3xeon_e3_1505m_v5xeon_e3_1220_v2xeon_e5_2430xeon_e3_1280_v6xeon_e3_1258l_v4xeon_e5_1650_v3xeon_e5_1428lxeon_silverxeon_e5_2428lxeon_e5_2630_v3xeon_e3_1225_v5xeon_e5_1620_v2xeon_e3_1245_v3xeon_e3_1268l_v5xeon_e5_2640xeon_e5_2418l_v2xeon_e5_2408l_v3xeon_e5_2430l_v2xeon_e5_2448l_v2xeon_e3_1276_v3xeon_e3_1265l_v3xeon_e5_2428l_v3xeon_e5_2650_v3xeon_e3_1280_v5xeon_e5_2630_v4xeon_e3_1280xeon_e3_1286l_v3xeon_e5_1680_v4xeon_e5_2637_v4xeon_e5_2630l_v4xeon_e5_2643xeon_e5_1620core_m7xeon_e3_1226_v3xeon_e3_1240_v2xeon_e3_1245_v2xeon_e5_2603xeon_e3_1286_v3xeon_e5_2637_v3xeon_e3_1265l_v2hci_management_nodexeon_e5_1660_v3xeon_e3_1285l_v3xeon_e3_1240_v3Microprocessors with Speculative Execution
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-49087
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.43% / 63.00%
||
7 Day CHG~0.00%
Published-20 Jul, 2025 | 00:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

Action-Not Available
Vendor-trustedfirmwareMbedArm Limited
Product-mbed_tlsmbedtls
CWE ID-CWE-385
Covert Timing Channel
CVE-2021-24119
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.79% / 74.38%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

Action-Not Available
Vendor-n/aFedora ProjectArm LimitedDebian GNU/Linux
Product-fedoradebian_linuxmbed_tlsn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-36422
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 57.20%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 00:00
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArm Limited
Product-mbed_tlsdebian_linuxn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-36424
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 32.40%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 00:00
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArm Limited
Product-mbed_tlsdebian_linuxn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-36421
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 67.19%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 00:00
Updated-03 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

Action-Not Available
Vendor-n/aArm LimitedDebian GNU/Linux
Product-mbed_tlsdebian_linuxn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-7881
Matching Score-6
Assigner-Arm Limited
ShareView Details
Matching Score-6
Assigner-Arm Limited
CVSS Score-5.1||MEDIUM
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 15:01
Updated-18 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.

Action-Not Available
Vendor-Arm Limited
Product-c1-pro_firmwarec1-premium_firmwareneoverse-v3_firmwarec1-ultracortex-x4_firmwarec1-ultra_firmwareneoverse-v3ae_firmwarecortex-x4neoverse-v3cortex-x925_firmwarec1-premiumcortex-x925c1-procortex-x3neoverse-v3aeneoverse-v2_firmwareneoverse-v2cortex-x3_firmwareCortex-X925Neoverse V2Cortex-X4Neoverse V3C1-ProC1-PremiumCortex-X3Neoverse V3AEC1-Ultra
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-1422
Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
CVE-2024-10929
Matching Score-6
Assigner-Arm Limited
ShareView Details
Matching Score-6
Assigner-Arm Limited
CVSS Score-5.1||MEDIUM
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 16:05
Updated-18 Dec, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectre-BSE

In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.

Action-Not Available
Vendor-Arm Limited
Product-cortex-a57_firmwarecortex-a75cortex-a57cortex-a73_firmwarecortex-a75_firmwarecortex-a73cortex-a72_firmwarecortex-a72Cortex-A57Cortex-A72Cortex-A73Cortex-A75
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-1423
Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
CVE-2020-10932
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 14.04%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 00:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

Action-Not Available
Vendor-trustedfirmwaren/aArm LimitedDebian GNU/LinuxFedora Project
Product-debian_linuxfedorambed_tlsn/a
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-18222
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 29.03%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 00:00
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectArm Limited
Product-mbed_tlsdebian_linuxfedorambed_crypton/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-44421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.20%
||
7 Day CHG~0.00%
Published-06 Mar, 2022 | 20:03
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.

Action-Not Available
Vendor-occlum_projectn/a
Product-occlumn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39775
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39788
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39755
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39773
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39761
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39754
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39760
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-1026
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194798757

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-54476
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.81%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-34556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.01%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 04:02
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-33149
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.20%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_processors_firmwareatom_processors_firmwarexeon_phi_processors_firmwareitanium_processorspentium_processorsceleron_processorsatom_processorsquark_soc_firmwarecore_processorsceleron_processors_firmwarequark_socitanium_processors_firmwarecore_processors_firmwarexeon_phi_processorsxeon_processorspentium_processors_firmwareIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21331
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.75%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21338
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21319
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.29%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21300
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21354
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.17%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21333
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.78%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21330
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.40%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21293
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.49%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:18
Updated-06 Sep, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21344
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.59%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21318
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.58%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21332
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.78%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21304
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found