Vulnerabilities > CVE-2021-29415 - Information Exposure Through Discrepancy vulnerability in Nordicsemi Nrf52840 Firmware 20201019/20210329

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
nordicsemi
CWE-203

Summary

The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation.

Common Weakness Enumeration (CWE)