CVE-2020-13799
6.8 MEDIUMWestern Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple sta...
Published: 2020-11-18 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 6.8 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-294
Affected products
| Vendor | Product |
|---|---|
| trustedfirmware | inand_cl_em132_firmware, inand_ix_em132_firmware, inand_ix_em132_xi_firmware |
| westerndigital | inand_cl_em132_firmware, inand_ix_em132_firmware, inand_ix_em132_xi_firmware |
Description
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-13799
- [Other]https://www.kb.cert.org/vuls/id/231329
- [Other]https://www.kb.cert.org/vuls/id/231329
- [Vendor advisory]https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications
- [Other]https://www.kb.cert.org/vuls/id/231329
- [Other]https://www.kb.cert.org/vuls/id/231329
- [Vendor advisory]https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications
Related CVEs
Same vendor
- CVE-2026-45702 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.4 MEDIUM)
- CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)
- CVE-2026-40290 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.8 HIGH)
- CVE-2026-33662 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.5 HIGH)
- CVE-2026-33317 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (8.7 HIGH)
Same CWE
- CVE-2026-34021 — The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the...
- CVE-2026-41000 — Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks (3.7 LOW)
- CVE-2026-49322 — Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-... (4.3 MEDIUM)
- CVE-2026-9095 — Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection (8.1 HIGH)
- CVE-2026-46538 — Microsoft UFO open-source framework for intelligent automation across devices and platforms (5.9 MEDIUM)