Vulnerability Description
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ST | STM32L0 Firmware | - |
| ST | STM32L0 | - |
| ST | STM32L1 Firmware | - |
| ST | STM32L1 | - |
| ST | STM32F4 Firmware | - |
| ST | STM32F4 | - |
| ST | STM32L4 Firmware | - |
| ST | STM32L4 | - |
| ST | STM32F7 Firmware | - |
| ST | STM32F7 | - |
| ST | STM32H7 Firmware | - |
| ST | STM32H7 | - |
Related Weaknesses (CWE)
References
- https://www.usenix.org/conference/woot19/presentation/schink (Exploit, Third Party Advisory)
- https://www.usenix.org/system/files/woot19-paper_schink.pdf (Exploit, Mitigation, Third Party Advisory)
FAQ
What is CVE-2019-14238?
CVE-2019-14238 is a vulnerability with a CVSS score of 6.6 (MEDIUM). On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITC...
How severe is CVE-2019-14238?
CVE-2019-14238 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-14238?
Check the references section above for vendor advisories and patch information. Affected products include: ST STM32L0 Firmware, ST STM32L0, ST STM32L1 Firmware, ST STM32L1, ST STM32F4 Firmware.