Security Bulletins
Ledger believes in better security through openness. The Ledger Security Bulletins describe the technical details of past security issues, their potential impact, and the available patches or workarounds.
If you believe that you have discovered a vulnerability, please report it through the bug bounty program.
Date | Title |
---|---|
2021-05-17 | LSB 016: Length-extension attack on SCP |
2021-01-13 | LSB 015: TX data of unsupported crypto assets are not displayed by the Ethereum app 1.6.0 |
2020-08-04 | LSB 014: Path derivation too permissive in Bitcoin derivative apps |
2020-07-08 | LSB 013: JTAG/SWD Protocols Enabled on STM32WB55 Unsecured Processor |
2020-07-02 | LSB 012: Incorrect BTC balance in Ledger Live with RBF UTXOs |
2020-06-09 | LSB 011: XRP account misuse and transaction malleability |
2020-06-03 | LSB 010: Massive transaction fees in BTC app and derivative |
2020-04-30 | LSB 009: Monero funds lock-up |
2020-04-27 | LSB 008: Monero private key retrieval |
2019-10-04 | LSB 007: Monero private key retrieval |
2019-08-07 | LSB 006: OLED screen side-channel vulnerability |
2018-12-27 | LSB 005: MCU bootloader verification bypass |
2018-11-28 | LSB 004: Bitcoin change address injection |
2018-03-20 | LSB 003: Isolation vulnerability |
2018-03-20 | LSB 002: Supply chain attack |
2018-03-20 | LSB 001: Padding oracle attack on SCP |
Note: these security bulletins are inspired by Qubes Security Bulletins but aren’t related in any way.