Vulnerabilities > CVE-2020-27211 - Information Exposure Through Discrepancy vulnerability in Nordicsemi Nrf52840 Firmware 20201019

CVSS 5.7 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

high complexity

nordicsemi

CWE-203

NVD

Published: 2021-05-21

Updated: 2024-11-21

Summary

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.

Vulnerable Configurations

Part	Description	Count
OS	Nordicsemi Nordicsemi Nrf52840 Firmware - Nordicsemi Nrf52840 Firmware 2020-10-19	2
Hardware	Nordicsemi Nordicsemi Nrf52840 -	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://eprint.iacr.org/2021/640
https://eprint.iacr.org/2021/640
https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html