There is currently a coldboot exploit out in the wild for devices for devices that have the line of Nvidia Tegra Processors.
The vulnerability was disclosed by Twitter and GitHub user "@balika011" after Nvidia has weirdly ignored the bug since it's discovery in March.
The bug works by:
After checking the magic in the header, the nvtboot reads the entire TBC partition (size stored in the GPT) where LoadAddressInsecure points to. If that points to nvtboot in the memory, it's possible to overwrite it, leading to unsigned code execution on the BPMP. This can be used to load the rest of the bootchain without checking the signatures.
So devices that are vulnerable are the ones that nvtboot (like the Nvidia Shield Android TV). Unfortunately, the Nintendo Switch does not have nvtboot thus it is not vulnerable to the bug.
Still a very interesting case of NVIDIA ignoring a bug.
Source: https://github.com/balika011/selfblow