CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 2CVE-2022-45163
https://notcve.org/view.php?id=CVE-2022-45163
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) Existe una vulnerabilidad de divulgación de información en dispositivos NXP seleccionados cuando se configuran en modo Serial Download Protocol (SDP):i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, y Vybrid. • https://nxp.com https://research.nccgroup.com/2022/11/17/cve-2022-45163 https://research.nccgroup.com/category/technical-advisory • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44149
https://notcve.org/view.php?id=CVE-2021-44149
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. Se ha detectado un problema en Trusted Firmware OP-TEE Trusted OS versiones hasta 3.15.0. El controlador CSU de OPTEE-OS para los dispositivos SoC NXP i.MX6UL carece de la configuración de acceso de seguridad para los registros relacionados con el wakeup, resultando en una omisión de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones de lectura/escritura de memoria arbitrarias en la memoria del Mundo Seguro. • https://github.com/OP-TEE/optee_os/tags https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0002-OP-TEE_TrustZone_bypass_at_wakeup.txt •
CVSS: 6.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-7936
https://notcve.org/view.php?id=CVE-2017-7936
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory. Se ha descubierto un error de desbordamiento de búfer basado en pila en NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, y Vybrid VF6xx. Cuando el dispositivo está configurado con opciones con seguridad habilitadas, se podría utilizar SDP para descargar una pequeña sección de código en una parte desprotegida de memoria. • http://www.securityfocus.com/bid/99966 https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.0EPSS: 0%CPEs: 60EXPL: 0CVE-2017-7932
https://notcve.org/view.php?id=CVE-2017-7932
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image. Se ha descubierto un problema de validación incorrecta de certificados en NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, y i.MX 6QuadPlus. Cuando el dispositivo está configurado con opciones de seguridad habilitadas, bajo algunas condiciones es posible eludir la verificación de firma utilizando un certificado especialmente manipulado que lleva a la ejecución de una imagen sin firmar. • http://www.securityfocus.com/bid/99966 https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 • CWE-295: Improper Certificate Validation •