CVE-2021-3011

MEDIUM

NXP SmartMX/P5x/A7x - Info Disclosure

Title source: llm

Description

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

References (2)

[Exploit, Technical Description, Third Party Advisory] https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

[Third Party Advisory] https://ninjalab.io/a-side-journey-to-titan/

Scores

CVSS v3 4.2

EPSS 0.0006

EPSS Percentile 17.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-670

Status published

Products (45)

ftsafe/k13

ftsafe/k21

ftsafe/k40

ftsafe/k9

google/titan_security_key

nxp/3a081

nxp/a7005a

nxp/j2a081

nxp/j2d081_m59

nxp/j2d081_m61

... and 35 more

Published Jan 07, 2021

Tracked Since Feb 18, 2026