Non-Constant Time ECDSA Implementation Vulnerability in NordicSemiconductor nRF52840

Non-Constant Time ECDSA Implementation Vulnerability in NordicSemiconductor nRF52840

CVE-2021-29415 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation.

Learn more about our Cis Benchmark Audit For F5.