Common Vulnerabilities and Exposures

CVE vulnerability data CVE-2020-11683


A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.


The AT91Bootstrap project is the 2nd level bootloader for certain families of Microchip (formerly Atmel) microprocessors (aka AT91). It provides a set of algorithms to manage the hardware initialization, download the next boot stage from specified media, authenticate it, and start it.

Two issues were identified in the code authentication functionality which allow attackers with physical access to disclose encryption keys and conduct side channel analysis attacks.

Related Articles