PT-2021-11316 · Stmicroelectronics · Stm32L4

Published: 2021-05-21 · Updated: 2025-04-18 · CVE-2020-27212

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: STMicroelectronics STM32L4 devices through 2020-10-19
Description: The issue concerns incorrect access control in the affected devices. Specifically, the flash read-out protection (RDP) can be degraded from RDP level 2, which allows no access via the debug interface, to level 1, which permits limited access via the debug interface. This degradation can be achieved by injecting a fault during the boot phase.
Recommendations: For STMicroelectronics STM32L4 devices through 2020-10-19, consider implementing additional security measures to prevent fault injection during the boot phase, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2020-27212

Affected Products: Stm32L4