Ledger Nano X, Flex, and Stax devices have a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter. An attacker can provide a crafted reset_handler address to cause the device to enter an unrecoverable fault state during boot. This could result in permanent loss of operability.
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.
Owners of Ledger Nano X, Flex, and Stax devices are at risk of permanent loss of operability due to a denial of service attack, which could result in significant financial loss.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H