CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38258
https://notcve.org/view.php?id=CVE-2021-38258
25 Oct 2021 — NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). Se ha detectado que NXP MCUXpresso SDK versión v2.7.0, contiene un desbordamiento de búfer en la función USB_HostProcessCallback() • https://mcusec.github.io/vulnerabilities_details#nxp_usb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.2EPSS: 0%CPEs: 16EXPL: 1CVE-2021-33881
https://notcve.org/view.php?id=CVE-2021-33881
06 Jun 2021 — On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. En las tarjetas NXP MIFARE Ultralight y NTAG, un atacante puede interrumpir una operación de escritura (también se conoce como ataque "tear off") mediante RFID para omitir el mecanismo ... • https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 1CVE-2021-31532
https://notcve.org/view.php?id=CVE-2021-31532
06 May 2021 — NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. Microcontroladores NXP LPC55S6x (0A y 1B), i.MX RT500 (silicio rev B1 y B2), i. MX RT600 (silicio rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicio rev 0A, 1B),... • https://oxide.computer/blog/lpc55 •
CVSS: 4.2EPSS: 0%CPEs: 45EXPL: 1CVE-2021-3011
https://notcve.org/view.php?id=CVE-2021-3011
07 Jan 2021 — An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP... • https://ninjalab.io/a-side-journey-to-titan • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-17519
https://notcve.org/view.php?id=CVE-2019-17519
12 Feb 2020 — The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. La implementación de Bluetooth Low Energy en NXP SDK versiones hasta 2.2.1 para dispositivos KW41Z no restringe apropiadamente la longitud de la carga útil de Link Layer, lo que permite a atacantes dentro del radio de alcance causar un desbordamiento del búfer por medio de un paquete dis... • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17060
https://notcve.org/view.php?id=CVE-2019-17060
10 Feb 2020 — The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. La implementación de la pila... • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 2CVE-2019-14239
https://notcve.org/view.php?id=CVE-2019-14239
24 Sep 2019 — On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. En los dispositivos NXP Kinetis KV1x, Kinetis KV3x y Kinetis K8x, Flash Access Controls (FAC) (un método de protección de IP de software para acceso solo de ejecución) pueden ser superados mediante el aprovechamiento de una instrucción ... • https://www.usenix.org/conference/woot19/presentation/schink • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-14237
https://notcve.org/view.php?id=CVE-2019-14237
12 Sep 2019 — On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. En los dispositivos NXP Kinetis KV1x, Kinetis KV3x y Kinetis K8x, Flash Access Controls (FAC) (un método de protección IP de software para acceso de solo ejecución) pueden ser superado mediante la observación de los registros de la CPU y el efecto de la ejecución de código e i... • https://www.usenix.org/system/files/woot19-paper_schink.pdf • CWE-863: Incorrect Authorization •
CVSS: 6.0EPSS: 0%CPEs: 60EXPL: 0CVE-2017-7932
https://notcve.org/view.php?id=CVE-2017-7932
07 Aug 2017 — An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an ... • http://www.securityfocus.com/bid/99966 • CWE-295: Improper Certificate Validation •
CVSS: 6.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-7936
https://notcve.org/view.php?id=CVE-2017-7936
07 Aug 2017 — A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory. Se ha descubierto un error de desbordamiento de búfer basado en pila en NXP i.MX 50, i.MX 53, ... • http://www.securityfocus.com/bid/99966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •