Keyless Entry: Breaking and Entering EMMC RPMB with EMFI

The Replay Protected Memory Block RPMB in modern storage systems provides a secure area where data integrity is ensured by authentication. This block is used in digital devices to store pivotal information that must be safeguarded against modification by potential attackers. This paper targets th...

EUVD-2020-6014

Malware in sbrugna...

CVE-2024-31955

An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB Replay Protected Memory Block area without possessing secret information...

DEBIAN-CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsgtransportsgiofn. In the case where ufsbsgexecadvancedrpmbreq returns an error, do not set the...

SAMSUNG eMMC 安全漏洞

SAMSUNG eMMC is a standard for flash memory cards from Samsung South Korea. A security vulnerability exists in SAMSUNG eMMC versions KLMAG2GE4A and KLM8G1WEMB, which originates from a code bypass via electromagnetic fault injection, which allows an attacker to successfully authenticate and write ...

MediaTek products缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in MediaTek, which originates from an out-of-bounds write in rpmb due to a logic error that may result in local privilege escalation. The following products are affected: MT6580, MT673...

PT-2023-12679 · Core · Core

Name of the Vulnerable Software and Affected Versions: Core affected versions not specified Description: The issue is related to an information disclosure due to a cryptographic problem in Core during RPMB read requests. Recommendations: At the moment, there is no information about a newer versio...

MediaTek 芯片缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the rpmb module of the MediaTek chips, which is caused by an out-of-range write due to incorrect boundary checking. This could result in a local privilege escalation that requires system...

CVE-2022-23431

An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

CVE-2022-23431

An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

CVE-2020-35551

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 Decemb...

Multiple Samsung security vulnerabilities

Samsung mobile devices O are products of Samsung Corporation in South Korea.Samsung mobile devices O is a series of cell phones.Samsung mobile devices P is a series of mobile hard drives.Samsung mobile devices Q is a series of TVs.Samsung mobile devices Q is a series of TVs. Samsung mobile device...

CVE-2020-13799

Western Digital has identified a security vulnerability in the Replay Protected Memory Block RPMB protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemente...

CVE-2020-12355

Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in IntelR TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

Qiku 360 Phone N6 Pro 1801-A01 Denial of Service Vulnerability

The Qiku 360 Phone N6 Pro 1801-A01 is a smartphone from the Chinese company Qiku Internet Technology. A denial of service vulnerability exists in the /dev/block/mmcblk0rpmb driver kernel module in the Qiku 360 Phone N6 Pro 1801-A01, which can be exploited to cause a denial of service null pointer...

Elevation of Privilege Vulnerability in Multiple Qualcomm Products

The Qualcomm SD 210 and others are central processing unit CPU products for mobile devices from Qualcomm Incorporated. An elevation of privilege vulnerability exists in multiple Qualcomm products. An attacker could exploit the vulnerability to remove the RPMB...

Design/Logic Flaw

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block...

Google Android RPMB Driver Qualcomm Component Elevation of Privilege Vulnerability

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Qualcomm component of the Google Android RPMB driver. An attacker can exploit this vulnerability to achieve elevatio...

CVE-2016-8459

Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR988462...