What is CVE-2022-46392?

CVE-2022-46392 is a medium-severity vulnerability in Arm Mbed_tls, classified under Observable Discrepancy. CVSS score: 5.3/10. Published 2022-12-15.

How severe is CVE-2022-46392?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Arm Mbed_tls

CVE-2022-46392

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA p…

EPSS: 0.002 (45.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Arm Mbed_tls
Trustedfirmware Mbed_tls
Fedoraproject Fedora — versions 36, 37
N/a — versions n/a

Weakness classification (CWE)

CWE-203 — Observable Discrepancy

References

cve@mitre.org (Third Party Advisory, Release Notes)
cve@mitre.org (Third Party Advisory, Release Notes)
cve@mitre.org (vendor-advisory)
cve@mitre.org (vendor-advisory)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2022-46392?: CVE-2022-46392 is a medium-severity vulnerability in Arm Mbed_tls, classified under Observable Discrepancy. CVSS score: 5.3/10. Published 2022-12-15.
How severe is CVE-2022-46392?: Medium severity. CVSS v3 base score is 5.3 out of 10.