CVE-2021-3011
First published: Thu Jan 07 2021(Updated: )
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ftsafe K13 | ||
| Ftsafe K21 | ||
| Ftsafe K40 | ||
| Ftsafe K9 | ||
| Google Titan Security Key | ||
| Nxp 3a081 | ||
| NXP A7005a | ||
| Nxp J2a081 | ||
| Nxp J2d081 M59 | ||
| Nxp J2d081 M61 | ||
| Nxp J2d082 M60 | ||
| Nxp J2d120 M60 | ||
| Nxp J2d145 M59 | ||
| Nxp J2e081 M64 | ||
| Nxp J2e082 M65 | ||
| Nxp J2e120 M65 | ||
| Nxp J2e145 M64 | ||
| Nxp J3a041 | ||
| Nxp J3d081 M59 | ||
| Nxp J3d081 M59 Df | ||
| Nxp J3d081 M61 | ||
| Nxp J3d081 M61 Df | ||
| Nxp J3d082 M60 | ||
| Nxp J3d120 M60 | ||
| Nxp J3d145 M59 | ||
| Nxp J3e016 M64 | ||
| Nxp J3e016 M64 Df | ||
| Nxp J3e016 M66 | ||
| Nxp J3e016 M66 Df | ||
| Nxp J3e041 M64 | ||
| Nxp J3e041 M64 Df | ||
| Nxp J3e041 M66 | ||
| Nxp J3e041 M66 Df | ||
| Nxp J3e081 M64 | ||
| Nxp J3e081 M64 Df | ||
| Nxp J3e081 M66 | ||
| Nxp J3e081 M66 Df | ||
| Nxp J3e082 M65 | ||
| Nxp J3e120 M65 | ||
| Nxp J3e145 M64 | ||
| Nxp P5010 | ||
| Nxp P5020 | ||
| Nxp P5021 | ||
| Nxp P5040 | ||
| Yubico YubiKey Neo |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3011?
CVE-2021-3011 refers to an electromagnetic-wave side-channel issue discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers.
What is the severity of CVE-2021-3011?
The severity of CVE-2021-3011 is medium with a CVSS score of 4.2.
Which software is affected by CVE-2021-3011?
The affected software includes Ftsafe K13, Ftsafe K21, Ftsafe K40, Ftsafe K9, Google Titan Security Key, NXP 3a081, NXP A7005a, NXP J2a081, NXP J2d081 M59, NXP J2d081 M61, NXP J2d082 M60, NXP J2d120 M60, NXP J2d145 M59, NXP J2e081 M64, NXP J2e082 M65, NXP J2e120 M65, NXP J2e145 M64, NXP J3a041, NXP J3d081 M59, NXP J3d081 M59 Df, NXP J3d081 M61, NXP J3d081 M61 Df, NXP J3d082 M60, NXP J3d120 M60, NXP J3d145 M59, NXP J3e016 M64, NXP J3e016 M64 Df, NXP J3e016 M66, NXP J3e016 M66 Df, NXP J3e041 M64, NXP J3e041 M64 Df, NXP J3e041 M66, NXP J3e041 M66 Df, NXP J3e081 M64, NXP J3e081 M64 Df, NXP J3e081 M66, NXP J3e081 M66 Df, NXP J3e082 M65, NXP J3e120 M65, NXP J3e145 M64, NXP P5010, NXP P5020, NXP P5021, NXP P5040, Yubico YubiKey Neo.
How can attackers exploit CVE-2021-3011?
Attackers can exploit CVE-2021-3011 by extracting the ECDSA private key after extensive physical access to the affected devices.
Is there a fix for CVE-2021-3011?
Unfortunately, there is no known fix for CVE-2021-3011 at the moment. Patching the vulnerability may require hardware changes or updates from the affected vendors.
- collector/nvd-index
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ftsafe
- canonical/ftsafe k13
- canonical/ftsafe k21
- canonical/ftsafe k40
- canonical/ftsafe k9
- vendor/google
- canonical/google titan security key
- vendor/nxp
- canonical/nxp 3a081
- canonical/nxp a7005a
- canonical/nxp j2a081
- canonical/nxp j2d081 m59
- canonical/nxp j2d081 m61
- canonical/nxp j2d082 m60
- canonical/nxp j2d120 m60
- canonical/nxp j2d145 m59
- canonical/nxp j2e081 m64
- canonical/nxp j2e082 m65
- canonical/nxp j2e120 m65
- canonical/nxp j2e145 m64
- canonical/nxp j3a041
- canonical/nxp j3d081 m59
- canonical/nxp j3d081 m59 df
- canonical/nxp j3d081 m61
- canonical/nxp j3d081 m61 df
- canonical/nxp j3d082 m60
- canonical/nxp j3d120 m60
- canonical/nxp j3d145 m59
- canonical/nxp j3e016 m64
- canonical/nxp j3e016 m64 df
- canonical/nxp j3e016 m66
- canonical/nxp j3e016 m66 df
- canonical/nxp j3e041 m64
- canonical/nxp j3e041 m64 df
- canonical/nxp j3e041 m66
- canonical/nxp j3e041 m66 df
- canonical/nxp j3e081 m64
- canonical/nxp j3e081 m64 df
- canonical/nxp j3e081 m66
- canonical/nxp j3e081 m66 df
- canonical/nxp j3e082 m65
- canonical/nxp j3e120 m65
- canonical/nxp j3e145 m64
- canonical/nxp p5010
- canonical/nxp p5020
- canonical/nxp p5021
- canonical/nxp p5040
- vendor/yubico
- canonical/yubico yubikey neo