CVE-2020-13799
First published: Wed Nov 18 2020(Updated: )
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital Inand Cl Em132 Firmware | <=2020-06-03 | |
| Westerndigital Inand Cl Em132 | ||
| Westerndigital Inand Ix Em132 Firmware | <=2020-06-03 | |
| Westerndigital Inand Ix Em132 | ||
| Westerndigital Inand Ix Em132 Xi Firmware | <=2020-06-03 | |
| Westerndigital Inand Ix Em132 Xi | ||
| Linaro OP-TEE | <=3.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13799?
CVE-2020-13799 is a security vulnerability in the Replay Protected Memory Block (RPMB) protocol.
What software is affected by CVE-2020-13799?
The firmware versions of Western Digital's Inand Cl Em132 and Inand Ix Em132, as well as Linaro OP-TEE version up to 3.11.0, are affected.
What is the severity of CVE-2020-13799?
The severity of CVE-2020-13799 is medium with a CVSS score of 6.8.
How can I fix CVE-2020-13799?
To fix CVE-2020-13799, Western Digital has provided firmware updates that address the vulnerability. Check their support website for more information.
Where can I find more information about CVE-2020-13799?
You can find more information about CVE-2020-13799 on the CERT Vulnerability Notes Database and Western Digital's product security support website.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/westerndigital
- canonical/westerndigital inand cl em132 firmware
- version/westerndigital inand cl em132 firmware/2020-06-03
- canonical/westerndigital inand cl em132
- canonical/westerndigital inand ix em132 firmware
- version/westerndigital inand ix em132 firmware/2020-06-03
- canonical/westerndigital inand ix em132
- canonical/westerndigital inand ix em132 xi firmware
- version/westerndigital inand ix em132 xi firmware/2020-06-03
- canonical/westerndigital inand ix em132 xi
- vendor/linaro
- canonical/linaro op-tee
- version/linaro op-tee/3.11.0