In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware.
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2
https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc
Source: MITRE
Published: 2022-05-07
Updated: 2022-05-19
Type: CWE-668
CVSS v2 Base Score: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.4
Severity: MEDIUM
CVSS v3.1 Base Score: 6.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.7
Severity: MEDIUM