CVE-2020-27212
First published: Fri May 21 2021(Updated: )
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ST STM32CubeL4 | <=1.16.0 | |
| ST STM32L412C8 | ||
| ST STM32L412CB | ||
| ST STM32L4 microcontroller family | ||
| STM32L412KB | ||
| ST STM32L412R8 | ||
| STMicroelectronics STM32L412RB | ||
| STM32L412T8 | ||
| ST STM32L412TB | ||
| ST STM32L422 | ||
| ST STM32L422 | ||
| ST STM32L422 | ||
| ST STM32L422 | ||
| ST STM32L431CB | ||
| STM32L431CC | ||
| ST STM32L431KB | ||
| ST STM32L431KC | ||
| STM32L431RB | ||
| STM32L431RC | ||
| STM32L431VC | ||
| ST STM32L432KB | ||
| STM32L432KC | ||
| ST STM32L433CB | ||
| STM32L433CC | ||
| ST STM32L433RB | ||
| STM32L433RC | ||
| ST STM32L433VC | ||
| ST STM32L442KC | ||
| ST STM32L4 Series Microcontroller | ||
| STMicroelectronics STM32L443RC | ||
| ST STM32L43xx | ||
| ST STM32L451CC | ||
| ST STM32L451CE | ||
| STMicroelectronics STM32L451RC | ||
| STMicroelectronics STM32L451RE | ||
| STM32L451VC | ||
| STM32L451VE | ||
| ST STM32L452CC | ||
| ST STM32L452CE | ||
| STM32L452RC | ||
| STMicroelectronics STM32L452RE Microcontroller | ||
| STMicroelectronics STM32L452VC | ||
| STMicroelectronics STM32L452VE | ||
| STMicroelectronics STM32L462CE | ||
| ST STM32L462RE | ||
| STMicroelectronics STM32L462VE | ||
| STM32L471QE | ||
| ST STM32L471QG | ||
| STM32L471RE | ||
| ST STM32L471RG Microcontroller | ||
| ST STM32L471VE | ||
| STMicroelectronics STM32L471VG | ||
| ST STM32L471ZE | ||
| ST STM32L471ZG | ||
| STM32L475RC | ||
| STM32L475RE | ||
| STMicroelectronics STM32L475RG | ||
| STM32L475VC | ||
| STMicroelectronics STM32L475VE | ||
| ST STM32L475VG | ||
| STMicroelectronics STM32L476JE | ||
| STMicroelectronics STM32L476JG | ||
| ST STM32L476 ME | ||
| ST STM32L476MG | ||
| STM32L476QE | ||
| ST STM32L476QG Microcontroller | ||
| STMicroelectronics STM32L476RC | ||
| STMicroelectronics STM32L476RE | ||
| STM32L476RG | ||
| STM32L476VC | ||
| ST STM32L476VE | ||
| STM32L476VG | ||
| ST STM32L476ZE | ||
| STMicroelectronics STM32L476ZG | ||
| ST STM32L486JG | ||
| STM32L486QG | ||
| STM32L486RG | ||
| ST STM32L486VG | ||
| ST STM32L486ZG | ||
| ST STM32L496AE | ||
| STMicroelectronics STM32L496AG | ||
| STM32L496QE | ||
| STM32L496QG | ||
| STM32L496RE | ||
| STM32L496RG | ||
| STM32L496VE | ||
| STMicroelectronics STM32L496VG | ||
| STMicroelectronics STM32L496WG | ||
| STM32L496ZE | ||
| STMicroelectronics STM32L496ZG | ||
| ST STM32L4A6AG | ||
| ST STM32L4A6QG | ||
| ST STM32L4A6RG | ||
| ST STM32L4A6VG | ||
| ST STM32L4A6ZG |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-27212?
CVE-2020-27212 is classified as a high-severity vulnerability due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2020-27212?
To mitigate CVE-2020-27212, ensure your firmware is updated to version 1.16.1 or later, which includes security patches.
What devices are affected by CVE-2020-27212?
CVE-2020-27212 affects STM32L4 devices with STM32CubeL4 firmware versions up to 1.16.0.
What does CVE-2020-27212 exploit?
CVE-2020-27212 exploits incorrect access control during the boot phase, allowing degradation of flash read-out protection.
Can CVE-2020-27212 lead to data exposure?
Yes, CVE-2020-27212 can potentially expose sensitive data by allowing limited access to the debug interface.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/st
- canonical/st stm32cubel4
- version/st stm32cubel4/1.16.0
- canonical/st stm32l412c8
- canonical/st stm32l412cb
- canonical/st stm32l4 microcontroller family
- canonical/stm32l412kb
- canonical/st stm32l412r8
- canonical/stmicroelectronics stm32l412rb
- canonical/stm32l412t8
- canonical/st stm32l412tb
- canonical/st stm32l422
- canonical/st stm32l431cb
- canonical/stm32l431cc
- canonical/st stm32l431kb
- canonical/st stm32l431kc
- canonical/stm32l431rb
- canonical/stm32l431rc
- canonical/stm32l431vc
- canonical/st stm32l432kb
- canonical/stm32l432kc
- canonical/st stm32l433cb
- canonical/stm32l433cc
- canonical/st stm32l433rb
- canonical/stm32l433rc
- canonical/st stm32l433vc
- canonical/st stm32l442kc
- canonical/st stm32l4 series microcontroller
- canonical/stmicroelectronics stm32l443rc
- canonical/st stm32l43xx
- canonical/st stm32l451cc
- canonical/st stm32l451ce
- canonical/stmicroelectronics stm32l451rc
- canonical/stmicroelectronics stm32l451re
- canonical/stm32l451vc
- canonical/stm32l451ve
- canonical/st stm32l452cc
- canonical/st stm32l452ce
- canonical/stm32l452rc
- canonical/stmicroelectronics stm32l452re microcontroller
- canonical/stmicroelectronics stm32l452vc
- canonical/stmicroelectronics stm32l452ve
- canonical/stmicroelectronics stm32l462ce
- canonical/st stm32l462re
- canonical/stmicroelectronics stm32l462ve
- canonical/stm32l471qe
- canonical/st stm32l471qg
- canonical/stm32l471re
- canonical/st stm32l471rg microcontroller
- canonical/st stm32l471ve
- canonical/stmicroelectronics stm32l471vg
- canonical/st stm32l471ze
- canonical/st stm32l471zg
- canonical/stm32l475rc
- canonical/stm32l475re
- canonical/stmicroelectronics stm32l475rg
- canonical/stm32l475vc
- canonical/stmicroelectronics stm32l475ve
- canonical/st stm32l475vg
- canonical/stmicroelectronics stm32l476je
- canonical/stmicroelectronics stm32l476jg
- canonical/st stm32l476 me
- canonical/st stm32l476mg
- canonical/stm32l476qe
- canonical/st stm32l476qg microcontroller
- canonical/stmicroelectronics stm32l476rc
- canonical/stmicroelectronics stm32l476re
- canonical/stm32l476rg
- canonical/stm32l476vc
- canonical/st stm32l476ve
- canonical/stm32l476vg
- canonical/st stm32l476ze
- canonical/stmicroelectronics stm32l476zg
- canonical/st stm32l486jg
- canonical/stm32l486qg
- canonical/stm32l486rg
- canonical/st stm32l486vg
- canonical/st stm32l486zg
- canonical/st stm32l496ae
- canonical/stmicroelectronics stm32l496ag
- canonical/stm32l496qe
- canonical/stm32l496qg
- canonical/stm32l496re
- canonical/stm32l496rg
- canonical/stm32l496ve
- canonical/stmicroelectronics stm32l496vg
- canonical/stmicroelectronics stm32l496wg
- canonical/stm32l496ze
- canonical/stmicroelectronics stm32l496zg
- canonical/st stm32l4a6ag
- canonical/st stm32l4a6qg
- canonical/st stm32l4a6rg
- canonical/st stm32l4a6vg
- canonical/st stm32l4a6zg