255 matches found

The Hacker News
added 2020/02/17 3:10 p.m. | 1 view

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All...

8.8 CVSS | 7.3 AI score | 0.00394 EPSS
Exploits: 6

NVD
added 2020/02/12 7:15 p.m. | 13 views

CVE-2019-19192

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets...

6.5 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits: 1 | References: 1

Prion
added 2020/02/12 7:15 p.m. | 19 views

Code injection

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets...

3.3 CVSS | 6.5 AI score | 0.00088 EPSS
Exploits: 1 | References: 1 | Affected Software: 2

Cvelist
added 2020/02/12 6:8 p.m. | 20 views

CVE-2019-19192

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets...

6.6 AI score | 0.00088 EPSS
Exploits: 1 | References: 1

CVE
added 2020/02/12 6:8 p.m. | 39 views

CVE-2019-19192

CVE-2019-19192 concerns the STMicroelectronics BLE Stack (STM32WB5x) up to v1.3.1 where the BLE Low Energy implementation mishandles consecutive Attribute Protocol (ATT) requests on reception. This leads to an event deadlock or crash when an attacker in radio range sends crafted ATT packets. The ...

6.5 CVSS | 6.8 AI score | 0.00088 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2020/01/08 11:38 p.m. | 33 views

CVE-2019-11090

Cryptographic timing vulnerabilities were discovered in certain versions of the Trusted Platform Module (TPM) firmware distributed by Intel and STMicroelectronics. Software that uses the TPM to compute ECDSA signatures could leak information through the timing of ECDSA signature operations, allowin...

6.8 CVSS | 1.1 AI score | 0.03781 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2020/01/08 11:38 p.m. | 45 views

CVE-2019-16863

Cryptographic timing vulnerabilities were discovered in certain versions of the Trusted Platform Module (TPM) firmware distributed by Intel and STMicroelectronics. Software that uses the TPM to compute ECDSA signatures could leak information through the timing of ECDSA signature operations, allowin...

6.8 CVSS | 1.1 AI score | 0.00339 EPSS
Exploits: 0 | References: 6

Schneier on Security
added 2019/11/15 3:36 p.m. | 94 views

TPM-Fail Attacks Against Cryptographic Coprocessors

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks, by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical...

0.9 AI score
Exploits: 0

Prion
added 2019/11/14 3:15 a.m. | 12 views

Code injection

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL...

4.3 CVSS | 5.7 AI score | 0.00339 EPSS
Exploits: 0 | References: 6 | Affected Software: 4

Cvelist
added 2019/11/14 2:7 a.m. | 18 views

CVE-2019-16863

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL...

5.7 AI score | 0.00339 EPSS
Exploits: 0 | References: 6

CVE
added 2019/11/14 2:7 a.m. | 83 views

CVE-2019-16863

CVE-2019-16863 affects STMicroelectronics ST33TPHF2ESPI TPM devices. The vulnerability stems from a side-channel timing flaw in ECDSA scalar multiplication, allowing an attacker to extract parts of the ECDSA private key. Impact is limited to affected TPM firmware prior to 2019-09-12; exploitation...

5.9 CVSS | 5.6 AI score | 0.00339 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

The Hacker News
added 2019/11/13 9:29 a.m. | 88 views

Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module (TPM) is a...

5.9 CVSS | 0.5 AI score | 0.03781 EPSS
Exploits: 0

The Hacker News
added 2019/11/13 9:29 a.m. | 4 views

Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module (TPM) is a...

5.9 CVSS | 6.9 AI score | 0.03781 EPSS
Exploits: 0

Symantec
added 2019/11/12 12:0 a.m. | 36 views

Trusted Platform Module CVE-2019-16863 Unspecified Security Vulnerability

Description Trusted Platform Module is prone to an unspecified security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Technologies Affected STMicroelectronics Trusted Platform Module Trusted...

0.2 AI score | 0.00339 EPSS
Exploits: 0 | References: 1

Prion
added 2019/09/24 6:15 p.m. | 8 views

Code injection

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus...

4.6 CVSS | 6.5 AI score | 0.00065 EPSS
Exploits: 1 | References: 2

Cvelist
added 2019/09/24 6:0 p.m. | 9 views

CVE-2019-14238

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus...

6.6 AI score | 0.00065 EPSS
Exploits: 1 | References: 2

NVD
added 2019/09/12 6:15 p.m. | 11 views

CVE-2019-14236

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution...

9.8 CVSS | 9.6 AI score | 0.00935 EPSS
Exploits: 1 | References: 1

Prion
added 2019/09/12 6:15 p.m. | 14 views

Code injection

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution...

7.5 CVSS | 9.5 AI score | 0.00935 EPSS
Exploits: 1 | References: 1

Cvelist
added 2019/09/12 5:43 p.m. | 15 views

CVE-2019-14236

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution...

9.7 AI score | 0.00935 EPSS
Exploits: 1 | References: 1

CVE
added 2019/09/12 5:43 p.m. | 143 views

CVE-2019-14236

The CVE-2019-14236 entry concerns STMicroelectronics STM32L0/L1/L4/F4/F7/H7 microcontrollers where Proprietary Code Read Out Protection (PCROP) can be defeated by observing CPU registers and the effects of code execution. Affected components are PCROP-protected regions on these devices, with the ...

9.8 CVSS | 9.5 AI score | 0.00935 EPSS
Exploits: 1 | References: 1 | Affected Software: 1