HIGH✓ PATCH🇬🇧 English

CVE-2025-52496

CVSS 7.8v3.1pub. 2025-07-04upd. 2025-11-03

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Arm Mbed Tls

    APP
    Arm
    < 3.6.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Race Condition
CWE
Referencje

Powiązane podatności

CVE-2026-34877CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację kontekstu SSL w Mbed TLS

CVE-2026-34872CRITICAL9.1PL ✓ten sam produkt

Brak weryfikacji wkładu strony w FFDH w Mbed TLS i TF-PSA-Crypto

CVE-2022-46393CRITICAL9.8ten sam produkt

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer...

CVE-2022-35409CRITICAL9.1ten sam produkt

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthentic...

CVE-2021-44732CRITICAL9.8ten sam produkt

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl...