Information Exposure Through Timing Discrepancy in mbed TLS and TF-PSA-Crypto - CVE-2026-54435
Published: July 13, 2026
mbed TLS
TF-PSA-Crypto
Detailed vulnerability description
The vulnerability allows a local privileged user to recover long-term ECC keys.
The vulnerability exists due to observable timing side-channel behavior in optimized modular reduction routines for elliptic curve operations when performing repeated scalar multiplication with the same secret scalar. A local privileged user can obtain precise execution traces to recover long-term ECC keys.
Affected operations include deterministic ECDSA signature generation, derivation of the public key when loading a private key, and deterministic key generation.