CVE-2020-11683

MEDIUM

AT91bootstrap 3.7.2-3.9.2 - Timing Side Channel via CMAC Forgery

Title source: llm
STIX 2.1

Description

A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.

References (2)

Core 2

Scores

CVSS v3 6.8
EPSS 0.0051
EPSS Percentile 40.0%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-203
Status published
Products (1)
linux4sam/at91bootstrap 3.7.2 - 3.9.2
Published Sep 14, 2020
Tracked Since Feb 18, 2026