Description
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).
References
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.7.2 (inclusive) to 3.9.2 (exclusive)
cpe:2.3:a:linux4sam:at91bootstrap:*:*:*:*:*:*:*:*
EPSS: 0.00172 (Low), percentile: 39%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-212
Related vulnerabilities
GitHub
about 3 years ago
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).
EPSS: 0.00172 (Low), percentile: 39%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-212