CVE-2019-17391

Name of the Vulnerable Software and Affected Versions Espressif ESP32 mask ROM code versions 2016-06-08 0 through 2

Description The issue is related to the lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip, allowing an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. This is also associated with insufficient handling of exceptional states in the Secure Boot bootloader, which can allow an attacker to obtain secure boot keys.

Recommendations For Espressif ESP32 mask ROM code versions 2016-06-08 0 through 2, consider implementing physical security measures to prevent tampering with the device's power supply, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.