Vulnerability Description
The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nordicsemi | Nrf52840 Firmware | <= 2021-03-29 |
| Nordicsemi | Nrf52840 | - |
Related Weaknesses (CWE)
References
- https://eprint.iacr.org/2021/640Third Party Advisory
- https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/secuThird Party Advisory
- https://www.sit.fraunhofer.de/en/news-events/downloads-services/cve/Not Applicable
- https://eprint.iacr.org/2021/640Third Party Advisory
- https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/secuThird Party Advisory
- https://www.sit.fraunhofer.de/en/news-events/downloads-services/cve/Not Applicable
FAQ
What is CVE-2021-29415?
CVE-2021-29415 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA i...
How severe is CVE-2021-29415?
CVE-2021-29415 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29415?
Check the references section above for vendor advisories and patch information. Affected products include: Nordicsemi Nrf52840 Firmware, Nordicsemi Nrf52840.