CVE-2020-13799
Summary
| CVE | CVE-2020-13799 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-18 22:15:00 UTC |
| Updated | 2021-06-29 14:29:00 UTC |
| Description | Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature. |
Risk And Classification
Problem Types: CWE-294
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linaro | Op-tee | All | All | All | All |
| Hardware | Westerndigital | Inand Cl Em132 | - | All | All | All |
| Hardware | Westerndigital | Inand Cl Em132 | - | All | All | All |
| Operating System | Westerndigital | Inand Cl Em132 Firmware | All | All | All | All |
| Hardware | Westerndigital | Inand Ix Em132 | - | All | All | All |
| Hardware | Westerndigital | Inand Ix Em132 | - | All | All | All |
| Operating System | Westerndigital | Inand Ix Em132 Firmware | All | All | All | All |
| Hardware | Westerndigital | Inand Ix Em132 Xi | - | All | All | All |
| Hardware | Westerndigital | Inand Ix Em132 Xi | - | All | All | All |
| Operating System | Westerndigital | Inand Ix Em132 Xi Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VU#231329 - Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks | MISC | www.kb.cert.org | Third Party Advisory, US Government Resource |
| WDC-20008 Replay Attack Vulnerabilities in RPMB Protocol Applications | Western Digital | CONFIRM | www.westerndigital.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.