Ledger Security Bulletins

Ledger believes in better security through openness. The Ledger Security Bulletins describe the technical details of past security issues, their potential impact, and available patches or workarounds.

If you believe that you have discovered a vulnerability, please report it through the bug bounty program.

Date        Title
2020-08-04  LSB 014: Path derivation too permissive in Bitcoin derivative apps
2020-07-08  LSB 013: JTAG/SWD Protocols Enabled on STM32WB55 Unsecured Processor
2020-07-02  LSB 012: Incorrect BTC balance in Ledger Live with RBF UTXOs
2020-06-09  LSB 011: XRP account misuse and transaction malleability
2020-06-03  LSB 010: Massive transaction fees in BTC app and derivative
2020-04-30  LSB 009: Monero funds lock-up
2020-04-27  LSB 008: Monero private key retrieval
2019-10-04  LSB 007: Monero private key retrieval
2019-08-07  LSB 006: OLED screen side-channel vulnerability
2018-12-27  LSB 005: MCU bootloader verification bypass
2018-11-28  LSB 004: Bitcoin change address injection
2018-03-20  LSB 003: Isolation vulnerability
2018-03-20  LSB 002: Supply chain attack
2018-03-20  LSB 001: Padding oracle attack on SCP

Note: these security bulletins are inspired by Qubes Security Bulletins but aren’t related in any way.