CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27211
https://notcve.org/view.php?id=CVE-2020-27211
Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase. Los dispositivos Nordic Semiconductor nRF52840 hasta el 2020-10-19 presentan una protección inadecuada contra los canales laterales físicos. La protección de lectura flash (APPROTECT) se puede omitir inyectando un fallo durante la fase de arranque • https://eprint.iacr.org/2021/640 https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html https://www.aisec.fraunhofer.de/en/FirmwareProtection.html • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29415
https://notcve.org/view.php?id=CVE-2021-29415
The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation. El acelerador de hardware elliptic curve cryptography (ECC), parte del ARM® TrustZone® CryptoCell 310, contenido en NordicSemiconductor nRF52840 hasta el 2021-03-29 presenta una implementación ECDSA de tiempo no constante. Esto permite que un adversario recupere la clave ECC privada utilizada durante una operación ECDSA • https://eprint.iacr.org/2021/640 https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html https://www.sit.fraunhofer.de/en/news-events/downloads-services/cve • CWE-203: Observable Discrepancy •