563 matches found
GHSA-F366-4RVV-95X2 Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Impact 1: If an application uses the deprecated kit protocol HALs as the communication channel to the target device, an attacker can masquerade as a device and return malformed packets of arbitrary length, which the protocol stack will write to the stack. HALs intended for production use...
Binary Vulnerability in Rexchip Microelectronics Corporation's Rexchip Chip
Focusing on mobile Internet and digital multimedia chip design, Rexchip is a professional SOC solution provider for personal mobile information terminals. A binary vulnerability exists in Rexchip Microelectronics Corporation's Rexchip microchip, which can be exploited by attackers to launch...
CVE-2020-12787
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling...
CVE-2020-12788
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks...
CVE-2020-12789
The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets...
Design/Logic Flaw
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling...
Hardcoded credentials
The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets...
Code injection
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks...
CVE-2020-12789
The CVE-2020-12789 entry concerns the Secure Monitor in Microchip Atmel ATSAMA5 devices, where a hardcoded key is used to encrypt and authenticate secure applets. Connected sources confirm the vulnerable component (Secure Monitor) and the root cause (hardcoded key), with CVSS v3.1 base score 7.5 ...
CVE-2020-12788
The CVE concerns CMAC verification in Microchip Atmel ATSAMA5 products. The issue stems from side-channel weaknesses (timing and power analysis) during CMAC verification, which could potentially expose sensitive information. Connected documents reiterate the affected target as ATSAMA5, but do not...
CVE-2020-12787
The CVE-2020-12787 entry concerns Microchip Atmel ATSAMA5 products in Secure Mode where an attacker can bypass applet handling security mechanisms. Connected sources corroborate the issue across Red Hat advisory and NVD entries, indicating the vulnerability affects ATSAMA5 SoCs operating in Secur...
Stack Overflow Vulnerability in Rexchip Microelectronics Corporation's Rexchip Microchip
Rexchip Microelectronics has a R&D team specializing in system-on-chip design and algorithm research, and provides professional chip solutions for high-end intelligent hardware, cell phone peripherals, tablet PCs, TV set-top boxes, industrial control, and many other fields. Rexchip Microelectroni...
Another Story of Bad 1970s Encryption
This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The...
CVE-2019-19529
A use-after-free flaw was found in the driver for the USB Microchip CAN BUS Analyzer Tool. The CAN BUS analysis hardware is not commonly found on server-grade hardware. The flaw exists while a device is removed (physical access) or a kernel module is unloaded (administrative privileges). An...
A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All...