CVE-2020-27212
HIGH 7.0
Description
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
CVE Details
CVSS v3.1 Score: 7.0
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Published: 5/21/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
st:stm32cubel4_firmware, st:stm32l412c8, st:stm32l412cb, st:stm32l412k8, st:stm32l412kb, st:stm32l412r8, st:stm32l412rb, st:stm32l412t8, st:stm32l412tb, st:stm32l422cb, st:stm32l422kb, st:stm32l422rb, st:stm32l422tb, st:stm32l431cb, st:stm32l431cc, st:stm32l431kb, st:stm32l431kc, st:stm32l431rb, st:stm32l431rc, st:stm32l431vc, st:stm32l432kb, st:stm32l432kc, st:stm32l433cb, st:stm32l433cc, st:stm32l433rb, st:stm32l433rc, st:stm32l433vc, st:stm32l442kc, st:stm32l443cc, st:stm32l443rc, st:stm32l443vc, st:stm32l451cc, st:stm32l451ce, st:stm32l451rc, st:stm32l451re, st:stm32l451vc, st:stm32l451ve, st:stm32l452cc, st:stm32l452ce, st:stm32l452rc, st:stm32l452re, st:stm32l452vc, st:stm32l452ve, st:stm32l462ce, st:stm32l462re, st:stm32l462ve, st:stm32l471qe, st:stm32l471qg, st:stm32l471re, st:stm32l471rg, st:stm32l471ve, st:stm32l471vg, st:stm32l471ze, st:stm32l471zg, st:stm32l475rc, st:stm32l475re, st:stm32l475rg, st:stm32l475vc, st:stm32l475ve, st:stm32l475vg, st:stm32l476je, st:stm32l476jg, st:stm32l476me, st:stm32l476mg, st:stm32l476qe, st:stm32l476qg, st:stm32l476rc, st:stm32l476re, st:stm32l476rg, st:stm32l476vc, st:stm32l476ve, st:stm32l476vg, st:stm32l476ze, st:stm32l476zg, st:stm32l486jg, st:stm32l486qg, st:stm32l486rg, st:stm32l486vg, st:stm32l486zg, st:stm32l496ae, st:stm32l496ag, st:stm32l496qe, st:stm32l496qg, st:stm32l496re, st:stm32l496rg, st:stm32l496ve, st:stm32l496vg, st:stm32l496wg, st:stm32l496ze, st:stm32l496zg, st:stm32l4a6ag, st:stm32l4a6qg, st:stm32l4a6rg, st:stm32l4a6vg, st:stm32l4a6zg
Weaknesses (CWE)
CWE-74
References
https://eprint.iacr.org/2021/640 (cve@mitre.org)
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html (cve@mitre.org)
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html (cve@mitre.org)
https://eprint.iacr.org/2021/640 (af854a3a-2127-422b-91ae-364da2661108)
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.