Ledger Nano Devices Denial-of-Service Vulnerability in MCU Firmware Update Process

Vulnerability

A denial-of-service vulnerability has been identified in the MCU firmware update process of Ledger Nano X, Flex, and Stax devices, in versions prior to each device's latest release. The vulnerability arises from inadequate validation of the reset_handler parameter during firmware flashing. An attacker can supply a crafted reset_handler address that points to invalid memory or attacker-controlled code. Exploiting this vulnerability can cause the device to enter an unrecoverable fault state during boot, leading to a permanent loss of functionality.

Impact

Exploitation of this vulnerability causes the device to enter an unrecoverable fault state during boot, resulting in a permanent loss of operability.
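
The kind of check whose absence is described above, as an added example (not Ledger's code and not taken from the advisory): a flashing routine rejects a reset_handler before committing the update unless it is a valid entry point inside the image being written. The flash window, the status names, the function name, the sample image and the Cortex-M Thumb-bit convention are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical update window in flash; placeholder values, not Ledger's map. */
#define APP_FLASH_BASE 0x08008000u
#define APP_FLASH_END  0x08040000u /* exclusive */

typedef enum {
    RH_OK = 0,
    RH_NOT_THUMB,     /* bit 0 clear: a Cortex-M core (assumed) faults on branch */
    RH_OUTSIDE_FLASH, /* RAM, peripherals, bootloader or unmapped space */
    RH_OUTSIDE_IMAGE, /* in flash, but not within the bytes being written */
    RH_ERASED_TARGET  /* lands on 0xFF padding rather than code */
} rh_status;

/* Check a reset_handler before the update is committed. `image` is assumed to
 * be the already-authenticated firmware, flashed at `load_addr`. */
rh_status check_reset_handler(uint32_t reset_handler, uint32_t load_addr,
                              const uint8_t *image, size_t image_len)
{
    if ((reset_handler & 1u) == 0)
        return RH_NOT_THUMB;
    uint32_t target = reset_handler & ~1u; /* real instruction address */

    if (target < APP_FLASH_BASE || target >= APP_FLASH_END)
        return RH_OUTSIDE_FLASH;

    /* Subtractions instead of load_addr + image_len, so nothing can wrap. */
    if (load_addr < APP_FLASH_BASE || load_addr >= APP_FLASH_END ||
        image_len < 2 || image_len > (size_t)(APP_FLASH_END - load_addr))
        return RH_OUTSIDE_IMAGE;
    if (target < load_addr || (size_t)(target - load_addr) > image_len - 2)
        return RH_OUTSIDE_IMAGE;

    const uint8_t *insn = image + (target - load_addr);
    if (insn[0] == 0xFF && insn[1] == 0xFF)
        return RH_ERASED_TARGET;
    return RH_OK;
}

/* Constructed sample: two Thumb NOPs (0xBF00, little-endian), then padding. */
static const uint8_t sample_image[8] = {0x00, 0xBF, 0x00, 0xBF, 0xFF, 0xFF, 0xFF, 0xFF};

int main(void)
{
    const uint32_t tries[] = {0x08008001u, 0x08008000u, 0x20000001u, 0x08009001u, 0x08008005u};
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("0x%08x -> %d\n", (unsigned)tries[i],
               check_reset_handler(tries[i], APP_FLASH_BASE, sample_image, sizeof sample_image));
    return 0;
}
```

An address check of this kind only guards against an entry point that cannot execute; keeping attacker-controlled code out of the image depends on the firmware being authenticated before this step.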

Added: May 19, 2026, 10:24 PM
Updated: May 19, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

Spread: 6.6
Impact: 2.5
Exploitability: 3.3
Remediation: 0.0
Relevance: 8.8
Threat: 0.0
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.