CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

Published: Mar 29, 2024
Updated: Mar 30, 2024
CVE: CVE-2024-28960
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arm / mbed_tls	2.1.8	2.28.8
arm / mbed_tls	3.0.0	3.6.0
arm / mbed_crypto	-	3.1.0.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x
fedoraproject / fedora	40	40.x

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

Vulnerability Database

289,697

CVE-2024-28960