CVE-2022-46392EPSS p51.3%

CVE-2022-46392CVE-2022-46392

arm / mbed_tls

Description

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS0.79% probability of exploitation · percentile 51.3% · 2026-06-19T12:03:05Z
Last modified2026-06-17

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2021-36647
CVE
CVE-2022-46393
CVE
CVE-2024-28960
CVE
CVE-2024-49195
CVE
CVE-2021-44732
CVE
CVE-2020-10932
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.