Vulnerabilities

CVE-2020-11684

by Fred · 14/09/2020

AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).

Date published : 2020-09-14

https://github.com/linux4sam/at91bootstrap/commit/45419497309ffbf27c17ea7938499aca99168927

https://labs.f-secure.com/advisories/microchip-at91bootstrap/

Similar

Tags: Cybersecurity Alert