{"id":"CVE-2020-11683","details":"A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.","modified":"2026-04-11T09:46:18.432189Z","published":"2020-09-14T14:15:10.617Z","references":[{"type":"FIX","url":"https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213"},{"type":"EVIDENCE","url":"https://labs.f-secure.com/advisories/microchip-at91bootstrap/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/linux4sam/at91bootstrap","events":[{"introduced":"533f4082e35869ab61d1112f518063aa0496febb"},{"fixed":"959a75951a8a8feddef210470cb9aca2c9bdcb5a"},{"fixed":"7753914c9a622c245f3a3cf2af5e24b6a9904213"}],"database_specific":{"versions":[{"introduced":"3.7.2"},{"fixed":"3.9.2"}]}}],"versions":["linux4sam_5.6-rc1","v3.7.2","v3.8","v3.8-alpha1","v3.8-alpha2","v3.8-alpha3","v3.8-alpha4","v3.8-alpha5","v3.8-alpha6","v3.8-alpha7","v3.8-beta1","v3.8.1","v3.8.10","v3.8.10-rc1","v3.8.11","v3.8.11-rc1","v3.8.11-rc2","v3.8.11-rc3","v3.8.11-rc4","v3.8.12","v3.8.13","v3.8.13-rc1","v3.8.13-rc2","v3.8.13-rc3","v3.8.13-rc4","v3.8.13-rc5","v3.8.2","v3.8.3","v3.8.4","v3.8.5","v3.8.6","v3.8.7","v3.8.8","v3.8.8-rc2","v3.8.8-rc3","v3.8.9","v3.8.9-rc1","v3.8.9-rc2","v3.8.9-rc3","v3.8.9-rc4","v3.8.9-rc6","v3.8.9-rc7","v3.9.0","v3.9.0-rc1","v3.9.0-rc2","v3.9.0-rc3","v3.9.0-rc4","v3.9.0-rc5","v3.9.1","v3.9.1-rc1","v3.9.2","v3.9.2-rc1","v3.9.2-rc2"],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:46:18Z","vanir_signatures":[{"deprecated":false,"source":"https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213","signature_type":"Function","digest":{"length":824,"function_hash":"255551313002851231383074705359359491684"},"id":"CVE-2020-11683-42df8080","target":{"function":"secure_decrypt","file":"driver/secure.c"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213","signature_type":"Line","digest":{"line_hashes":["12594202086834631762248543107474524793","123321447821046916437788577939218398990","148445047497956173920580930048544742979","247867111113196425133876668604870489814"],"threshold":0.9},"id":"CVE-2020-11683-5a48e688","target":{"file":"driver/secure.c"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}