Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27212

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

Published

2021-05-21T12:15:07.730

Last Modified

2024-11-21T05:20:51.937

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

6.4

Weaknesses

Type: Primary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	st	stm32cubel4_firmware	≤ 1.16.0	Yes
Hardware	st	stm32l412c8	-	No
Hardware	st	stm32l412cb	-	No
Hardware	st	stm32l412k8	-	No
Hardware	st	stm32l412kb	-	No
Hardware	st	stm32l412r8	-	No
Hardware	st	stm32l412rb	-	No
Hardware	st	stm32l412t8	-	No
Hardware	st	stm32l412tb	-	No
Hardware	st	stm32l422cb	-	No
Hardware	st	stm32l422kb	-	No
Hardware	st	stm32l422rb	-	No
Hardware	st	stm32l422tb	-	No
Hardware	st	stm32l431cb	-	No
Hardware	st	stm32l431cc	-	No
Hardware	st	stm32l431kb	-	No
Hardware	st	stm32l431kc	-	No
Hardware	st	stm32l431rb	-	No
Hardware	st	stm32l431rc	-	No
Hardware	st	stm32l431vc	-	No
Hardware	st	stm32l432kb	-	No
Hardware	st	stm32l432kc	-	No
Hardware	st	stm32l433cb	-	No
Hardware	st	stm32l433cc	-	No
Hardware	st	stm32l433rb	-	No
Hardware	st	stm32l433rc	-	No
Hardware	st	stm32l433vc	-	No
Hardware	st	stm32l442kc	-	No
Hardware	st	stm32l443cc	-	No
Hardware	st	stm32l443rc	-	No
Hardware	st	stm32l443vc	-	No
Hardware	st	stm32l451cc	-	No
Hardware	st	stm32l451ce	-	No
Hardware	st	stm32l451rc	-	No
Hardware	st	stm32l451re	-	No
Hardware	st	stm32l451vc	-	No
Hardware	st	stm32l451ve	-	No
Hardware	st	stm32l452cc	-	No
Hardware	st	stm32l452ce	-	No
Hardware	st	stm32l452rc	-	No
Hardware	st	stm32l452re	-	No
Hardware	st	stm32l452vc	-	No
Hardware	st	stm32l452ve	-	No
Hardware	st	stm32l462ce	-	No
Hardware	st	stm32l462re	-	No
Hardware	st	stm32l462ve	-	No
Hardware	st	stm32l471qe	-	No
Hardware	st	stm32l471qg	-	No
Hardware	st	stm32l471re	-	No
Hardware	st	stm32l471rg	-	No
Hardware	st	stm32l471ve	-	No
Hardware	st	stm32l471vg	-	No
Hardware	st	stm32l471ze	-	No
Hardware	st	stm32l471zg	-	No
Hardware	st	stm32l475rc	-	No
Hardware	st	stm32l475re	-	No
Hardware	st	stm32l475rg	-	No
Hardware	st	stm32l475vc	-	No
Hardware	st	stm32l475ve	-	No
Hardware	st	stm32l475vg	-	No
Hardware	st	stm32l476je	-	No
Hardware	st	stm32l476jg	-	No
Hardware	st	stm32l476me	-	No
Hardware	st	stm32l476mg	-	No
Hardware	st	stm32l476qe	-	No
Hardware	st	stm32l476qg	-	No
Hardware	st	stm32l476rc	-	No
Hardware	st	stm32l476re	-	No
Hardware	st	stm32l476rg	-	No
Hardware	st	stm32l476vc	-	No
Hardware	st	stm32l476ve	-	No
Hardware	st	stm32l476vg	-	No
Hardware	st	stm32l476ze	-	No
Hardware	st	stm32l476zg	-	No
Hardware	st	stm32l486jg	-	No
Hardware	st	stm32l486qg	-	No
Hardware	st	stm32l486rg	-	No
Hardware	st	stm32l486vg	-	No
Hardware	st	stm32l486zg	-	No
Hardware	st	stm32l496ae	-	No
Hardware	st	stm32l496ag	-	No
Hardware	st	stm32l496qe	-	No
Hardware	st	stm32l496qg	-	No
Hardware	st	stm32l496re	-	No
Hardware	st	stm32l496rg	-	No
Hardware	st	stm32l496ve	-	No
Hardware	st	stm32l496vg	-	No
Hardware	st	stm32l496wg	-	No
Hardware	st	stm32l496ze	-	No
Hardware	st	stm32l496zg	-	No
Hardware	st	stm32l4a6ag	-	No
Hardware	st	stm32l4a6qg	-	No
Hardware	st	stm32l4a6rg	-	No
Hardware	st	stm32l4a6vg	-	No
Hardware	st	stm32l4a6zg	-	No

References

https://eprint.iacr.org/2021/640 Third Party Advisory ([email protected])
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html Third Party Advisory ([email protected])
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html Third Party Advisory ([email protected])
https://eprint.iacr.org/2021/640 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)