In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
References
Link | Resource |
---|---|
https://blog.inhq.net/posts/keepkey-CVE-2022-30330/ | Exploit Patch Third Party Advisory |
https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc | Patch Third Party Advisory |
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2 | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-07T03:25:34
Updated: 2022-07-05T11:30:43
Reserved: 2022-05-07T00:00:00
Link: CVE-2022-30330
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-07T04:15:09.253
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-30330
JSON object: View
Redhat Information
No data.
CWE