AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).
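
The kind of key wipe the description says is missing, shown as an added C example that is not AT91bootstrap code: key material and its working copies are zeroed through a volatile pointer, then checked, before control would pass to the next stage. The structure `boot_keys`, its field sizes, and the functions `secure_wipe`, `residual_bytes` and `handoff_demo` are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical key context for a boot stage; field names and sizes are
 * assumptions for illustration, not AT91bootstrap's structures. */
struct boot_keys {
    uint8_t cipher_key[32];
    uint8_t cmac_key[32];
    uint8_t iv[16];
};

/* Zero a buffer through a volatile pointer so the stores cannot be removed
 * as dead stores, which can happen to a plain memset() on a buffer that is
 * never read again before control leaves this stage. */
static void secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--)
        *p++ = 0;
}

/* Return the number of non-zero bytes left in a region (0 means clean). */
static size_t residual_bytes(const void *buf, size_t len)
{
    const volatile uint8_t *p = (const volatile uint8_t *)buf;
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}

/* Constructed sample: load keys, use them, then wipe every copy before the
 * jump to the next stage. Returns residual key bytes (expected 0). */
size_t handoff_demo(void)
{
    static struct boot_keys keys;          /* long-lived copy (e.g. in SRAM) */
    uint8_t scratch[32];                   /* temporary working copy */

    memset(&keys, 0xA5, sizeof keys);      /* stand-in for real key loading */
    memcpy(scratch, keys.cipher_key, sizeof scratch);
    /* ... decrypt and authenticate the next stage here ... */

    secure_wipe(scratch, sizeof scratch);  /* wipe working copies too */
    secure_wipe(&keys, sizeof keys);
    /* Only when this sum is 0 would the stage jump to the next image. */
    return residual_bytes(scratch, sizeof scratch)
         + residual_bytes(&keys, sizeof keys);
}
```
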

CPE

Name | Operator | Version
---|---|---
at91bootstrap | ge | 3.7.2
at91bootstrap | lt | 3.9.2