CVE-2022-30330

by Fred · 06/05/2022

In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware.

Date published : 2022-05-06

https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc

https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2

CVE-2022-30330

Similar

Recent Posts

Categories

CVE-2022-30330

Share this:

Similar

Recent Posts

Categories

Tags