Vulnerability: Fault Injection Exploit Degrades Flash Read-Out Protection on STMicroelectronics STM32L4 Devices

Vulnerability: Fault Injection Exploit Degrades Flash Read-Out Protection on STMicroelectronics STM32L4 Devices

CVE-2020-27212 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

Learn more about our Web Application Penetration Testing UK.