Nordic Semiconductor IronSide SE Algorithmic Complexity Vulnerability in nRF54H20
Vulnerability
A vulnerability has been identified in Nordic Semiconductor's IronSide SE for nRF54H20, affecting versions prior to 23.0.2+17. The issue arises from an algorithmic complexity problem that compromises the integrity of the UICR.PROTECTEDMEM digest. When the application firmware boots the secondary image, the digest is deleted. If SECONDARY.PROTECTEDMEM is not defined, this leads to a recalculation of the digest based on MRAM contents when the primary image is rebooted, thereby breaking the integrity of PROTECTEDMEM and the secure boot functionality that depends on it.
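A simplified model of the sequence described above, added here as an illustration and not taken from IronSide SE or any Nordic code. The class and function names, the use of SHA-256, the sample bytes, and the "digest retained" contrast case are assumptions made for the example; only the case where SECONDARY.PROTECTEDMEM is not defined is modelled.

```python
import hashlib


class BootModel:
    """Toy model of the digest handling the advisory describes (hypothetical names)."""

    def __init__(self, protected: bytes, delete_digest_on_secondary_boot: bool):
        self.mram = bytearray(protected)   # region covered by UICR.PROTECTEDMEM
        self.stored_digest = None          # reference digest kept between boots
        self.delete_on_secondary = delete_digest_on_secondary_boot

    def _measure(self) -> bytes:
        # SHA-256 is an assumption; the advisory does not name the digest algorithm.
        return hashlib.sha256(self.mram).digest()

    def boot_primary(self) -> str:
        if self.stored_digest is None:
            # No reference digest: it is recalculated from whatever MRAM holds now,
            # so the current contents become the new "known good" state.
            self.stored_digest = self._measure()
            return "digest-recalculated"
        if self._measure() != self.stored_digest:
            return "integrity-failure"
        return "verified"

    def boot_secondary(self) -> None:
        # Case from the advisory: SECONDARY.PROTECTEDMEM is not defined.
        if self.delete_on_secondary:
            self.stored_digest = None


def run_sequence(delete_digest_on_secondary_boot: bool) -> list:
    """Provision, boot, boot secondary, change protected MRAM, reboot primary."""
    dev = BootModel(b"constructed protected image v1", delete_digest_on_secondary_boot)
    results = [dev.boot_primary()]     # first boot stores the reference digest
    results.append(dev.boot_primary()) # normal boot checks against it
    dev.boot_secondary()               # application firmware boots the secondary image
    dev.mram[0] ^= 0xFF                # constructed change to the protected region
    results.append(dev.boot_primary()) # reboot into the primary image
    return results


if __name__ == "__main__":
    # Behaviour described for affected versions: the change goes unnoticed.
    print("digest deleted :", run_sequence(True))
    # Hypothetical contrast (not Nordic's fix): the reference digest survives.
    print("digest retained:", run_sequence(False))
```

In the first run the final boot reports a recalculated digest instead of an integrity failure, which is the loss of detection the advisory describes.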
Impact
Exploiting this vulnerability disrupts the integrity of PROTECTEDMEM, undermining the secure boot process that relies on a valid digest to verify the authenticity of the software running on the device.
Remediation
Users are advised to update to IronSide SE version 23.0.2+17 or later to ensure proper functionality and restore the integrity of PROTECTEDMEM and secure boot operations.
