Thank you for your question!
During signature verification, the private key isn’t involved, therefore you cannot expose it.
As the CVE descriuption: “Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then, by brute force, recover the key.”
During signature verification, there is no blinding of the private key, so it cannot be exposed.
Mbed TLS Support