Ledger Security Bulletins

Technical details of past security issues, their potential impact and available patches or workarounds.

Ledger believes in better security through openness. If you believe that you have discovered a vulnerability, please report it through the bug bounty program.

ID	Title	Date
LSB 021	Ledger Security Bulletin 021 Missing parameter validation during MCU firmware update	10 January 2025
LSB 020	Ledger Security Bulletin 020 Ledger Live incorrectly parses some EIP-712 messages	20 November 2023
LSB 019	Ledger Security Bulletin 019 Invalid addresses for certain miniscript policies	11 May 2023
LSB 018	Ledger Security Bulletin 018 Invalid command processing on HSM firmware	5 August 2022
LSB 017	Ledger Security Bulletin 017 Keycard bypass on Ledger HW.1	6 July 2022
LSB 016	Ledger Security Bulletin 016 Length-extension attack on SCP	17 May 2021
LSB 015	Ledger Security Bulletin 015 TX data of unsupported crypto assets are not displayed by the Ethereum app 1.6.0	13 January 2021
LSB 014	Ledger Security Bulletin 014 Path derivation too permissive in Bitcoin derivative apps	04 August 2020
LSB 013	Ledger Security Bulletin 013 JTAG/SWD Protocols Enabled on STM32WB55 Unsecured Processor	9 July 2020
LSB 012	Ledger Security Bulletin 012 Incorrect BTC balance in Ledger Live with RBF UTXOs	2 July 2020
LSB 011	Ledger Security Bulletin 011 XRP account misuse and transaction malleability	9 June 2020
LSB 010	Ledger Security Bulletin 010 Massive transaction fees in BTC app and derivative	3 June 2020
LSB 009	Ledger Security Bulletin 009 Monero funds lock-up	30 April 2020
LSB 008	Ledger Security Bulletin 008 Monero private key retrieval	27 April 2020
LSB 007	Ledger Security Bulletin 007 Monero private key retrieval	04 October 2019
LSB 006	Ledger Security Bulletin 006 OLED screen side-channel vulnerability	07 August 2019
LSB 005	Ledger Security Bulletin 005 MCU Bootloader verification bypass	27 December 2018
LSB 004	Ledger Security Bulletin 004 Bitcoin change address injection	11 November 2018
LSB 003	Ledger Security Bulletin 003 Isolation vulnerability	20 March 2018
LSB 002	Ledger Security Bulletin 002 Supply chain attack	20 March 2018
LSB 001	Ledger Security Bulletin 001 Padding oracle attack on SCP	20 March 2018

Note: these security bulletins are inspired by Qubes Security Bulletins but aren't related in any way.