CVE-2020-11684

2020-09-1414:15:10

Google

osv.dev

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.7%

JSON

AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).

CPENameOperatorVersion
at91bootstrapeqlinux4sam_5.6-rc1
at91bootstrapeq3.8-alpha2
at91bootstrapeq3.8.11-rc3
at91bootstrapeq3.8.9-rc3
at91bootstrapeq3.8-beta1
at91bootstrapeq3.8.13
at91bootstrapeq3.8.1
at91bootstrapeq3.8
at91bootstrapeq3.8-alpha5
at91bootstrapeq3.8-alpha3

Name	Operator	Version
at91bootstrap	eq	linux4sam_5.6-rc1
at91bootstrap	eq	3.8-alpha2
at91bootstrap	eq	3.8.11-rc3
at91bootstrap	eq	3.8.9-rc3
at91bootstrap	eq	3.8-beta1
at91bootstrap	eq	3.8.13
at91bootstrap	eq	3.8.1
at91bootstrap	eq	3.8
at91bootstrap	eq	3.8-alpha5
at91bootstrap	eq	3.8-alpha3