|
|
Bug Advisory for System Stability Issues When Using PSRAM on ESP32-C5 and ESP32-C61
|
This advisory describes an issue where the default configuration of ESP-IDF may lead to system instability when using PSRAM on ESP32-C5 and ESP32-C61 chip series, and provides corresponding mitigation measures. |
V1.0 |
AR2026-002 |
Bugs |
2026.05.06 |
Fixed with Commit |
|
|
|
OTA Bug Advisory for WPA3-SAE H2E Configuration Issues in ESP-IDF
|
This advisory describes an issue where the default configuration of ESP-IDF may lead to system instability when using PSRAM on ESP32-C5 and ESP32-C61 chip series, and provides corresponding mitigation measures. |
V1.0 |
AR2026-003 |
Bugs |
2026.04.29 |
Fixed |
|
|
|
ESP32-C5 Series Chips Bug Advisory
|
This advisory describes three issues in ESP32-C5 series chips related to PSRAM behavior and wireless coexistence stability, and provides mitigation recommendations. |
V1.0 |
AR2025-008 |
Bugs |
2026.02.26 |
Fixed |
|
|
|
End-of-Life Advisory for ESP-IDF v5.1 Release Branch
|
ESP-IDF v5.1 Release Branch reaches End-of-Life in December of 2025. |
V1.0 |
AR2025-007 |
End-of-Life |
2026.01.30 |
Announcement |
|
|
|
End-of-Life Advisory for ESP-IDF v5.0 Release Branch
|
ESP-IDF v5.0 Release Branch reaches End-of-Life in May of 2025. |
V1.0 |
AR2025-003 |
End-of-Life |
2025.05.22 |
Announcement |
|
|
|
Security Advisory Follow-Up: Updates and Fixes Regarding ESP32 Undocumented Bluetooth Commands
|
This advisory describes the measures concerning the undocumented HCI commands in ESP32 Bluetooth controller. |
V1.0 |
AR2025-004 |
Security |
2025.05.22 |
Notification |
|
|
|
End-of-Life Advisory for ESP-IDF v4.4 Release Branch
|
ESP-IDF v4.4 Release Branch reaches End-of-Life in July of 2024. |
V1.0 |
AR2024-008 |
End-of-Life |
2024.07.02 |
Announcement |
|
|
|
Bug Advisory Concerning Upgrading ESP-IDF for Applications Using Deep-Sleep Functionality based on Certain ESP-IDF Versions
|
This advisory describes two issues that lead to abnormal functionality due to incorrect module initialization timing after deepsleep wake-up and provides solutions for users. |
V1.0 |
AR2024-004 |
Bugs |
2024.06.11 |
Fixed |
|
|
|
Bug Advisory Concerning Some Android Phones Being Unable to Scan the Advertising PDUs Sent by ESP32 Bluetooth LE
|
This advisory describes and provides solution about an issue in ESP32 concerning certain Android phones being unable to scan the advertising PDUs sent by Bluetooth LE when in the Wi-Fi and Bluetooth coexistence mode. |
V1.1 |
AR2024-001 |
Bugs |
2024.05.30 |
Fixed |
|
|
|
Security Advisory for WLAN FragAttacks
|
This security advisory describes vulnerabilities affecting WLAN FragAttacks and their solutions. |
V1.1 |
AR2023-008 |
Security |
2024.05.20 |
Fixed |
|
|
|
Security Advisory for Classic Bluetooth BLUFFS Vulnerability
|
The advisory briefly describes BLUFFS vulnerability and the implementation level mitigations on ESP32 series products for now. |
V1.0 |
AR2023-010 |
Security |
2024.01.19 |
Notification |
|
|
|
End-of-Life Advisory for ESP-IDF v4.3 Release Branch
|
ESP-IDF v4.3 Release Branch reaches End-of-Life in end of 2023. |
V1.0 |
AR2023-011 |
End-of-Life |
2024.01.08 |
Announcement |
|
|
|
Security Advisory concerning Wi-Fi authentication bypass
|
The impact of this attack is that the SoC will transmit some Wi-Fi frames unencrypted. The SoC can also be made to associate with an attacker-controlledopen access point, allowing TCP/IP access by an attacker who does not haveany access to the genuine Wi-Fi access point. |
V1.1 |
AR2020-002 |
Security |
2023.11.03 |
Fixed |
|
|
|
Security Advisory for WFA vulnerability
|
This security advisory describes vulnerabilities affecting Wi-Fi devices and their solutions. |
V1.1 |
AR2021-003 |
Security |
2023.08.25 |
Fixed |
|
|
|
Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI
|
This security advisory describes an issue summary and impact analysis of a technique called Electromagnetic Fault Injection (EMFI), which allows bypassing Secure Boot V2 and Flash Encryption on the ESP32 with directly jumping to the UART Download mode implemented in the ROM code. The advisory also provides practical tips for customers on using the ESP32 chip. |
V1.0 |
AR2023-005 |
Security |
2023.07.11 |
Notification |
|
|
|
End-of-Life Advisory for ESP-IDF v4.2 Release Branch
|
ESP-IDF v4.2 Release Branch reaches End-of-Life in June 2023. |
V1.0 |
AR2023-004 |
End-of-Life |
2023.06.30 |
Announcement |
|
|
|
End-of-Life Advisory for ESP-IDF v4.1 Release Branch
|
ESP-IDF v4.1 release branch reaches End-of-Life in February, 2023.a |
V1.0 |
AR2023-001 |
End-of-Life |
2023.03.01 |
Announcement |
|
|
|
Security Advisory Concerning Breaking the Hardware AES Core and Firmware Encryption of ESP32 Chip Revision v3.0
|
This security advisory provides an issue summary and impact analysis of the side-channel attack (SCA) and body bias injection (BBI), which allow attackers to exploit the power consumption trajectory characteristics of ESP32/ESP32-S2/ESP32-S3/ESP32-C3 series chips when performing encryption and decryption to obtain sensitive information in the chip. The advisory also provides practical tips for customers on using the ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C2 series chips.
|
V2.0 |
AR2022-003 |
Security |
2022.11.18 |
Notification |
|
|
|
Compatibility Advisory for Chip Revision Numbering Scheme
|
Espressif introduced vM.X numbering scheme to indicate chip revisions. |
V1.0 |
AR2022-005 |
Compatibility |
2022.09.29 |
Announcement |
|
|
|
Optimization of eFuse Programming for ESP32 / ESP32-C3 / ESP32-S2 / ESP32-S3 Series of Chips
|
This advisory describes a rare issue related to Secure Boot v1, Secure Boot v2, and/or flash encryption, and its solution. Note that, this issue can only happen when using specific versions of ESP-IDF for ESP32, ESP32-C3, and ESP32-S2 series products.
|
V1.0 |
AR2022-006 |
Application |
2022.09.26 |
Fixed |
|
|
|
End-of-Life Advisory for ESP-IDF v3.3 Release Branch
|
ESP-IDF v3.3 release branch reaches End-of-Life in February, 2022. |
V1.0 |
AR2022-002 |
End-of-Life |
2022.02.22 |
Announcement |
|
|
|
End-of-Life Advisory for ESP-IDF v4.0 Release Branch
|
ESP-IDF v4.0 release branch reaches End-of-Life in October, 2021. |
V1.0 |
AR2021-007 |
End-of-Life |
2022.01.06 |
Announcement |
|
|
|
Security Advisory on "BadAlloc" Vulnerabilities
|
This security advisory describes BadAlloc, which is a family of vulnerabilities related to integer overflows in heap handling functions in several RTOSes and libraries, and its solutions. |
V1.0 |
AR2021-005 |
Security |
2021.10.27 |
Fixed |
|
|
|
Security Advisory for Bluetooth Vulnerability
|
Securtiy Advisory for various Bluetooth vulnerability, including BrakTooth, Impersonation in different pairing methods and Mesh, BIAS Vulnerability, and their solutions. |
V1.0 |
AR2021-004 |
Security |
2021.08.31 |
Fixed |
|
|
|
Security Advisory Concerning Partitions Using Flash Encryption
|
This security advisory describes the partition encryption issues and their solutions when using the flash encryption feature of ESP32 series products. |
V1.0 |
AR2021-002 |
Security |
2021.06.10 |
Fixed |
|
|
|
End-of-Life Advisory for ESP-IDF v3.1 and ESP-IDF v3.2 Release Branches
|
ESP-IDF v3.1 and v3.2 Release Branch reaches End-of-Life in October, 2020. |
V1.0 |
AR2021-001 |
End-of-Life |
2021.03.09 |
Announcement |
|
|
|
Security Advisory concerning fault injection and ESP32 Flash Encryption & Secure Boot V1
|
These attacks use similar methods and have similar impact to previously advised fault injection issues CVE-2019-15894 and CVE-2019-17391. The vulnerabilities exist in revision 0 and revision 1 of the ESP32 silicon including ESP32-D0WD, ESP32-D2WD, ESP32-S0WD, ESP32-PICO-D4, and modules based on these chips. |
V1.0 |
AR2020-001 |
Security |
2020.07.20 |
Notification |
|