CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38258
https://notcve.org/view.php?id=CVE-2021-38258
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). Se ha detectado que NXP MCUXpresso SDK versión v2.7.0, contiene un desbordamiento de búfer en la función USB_HostProcessCallback() • https://mcusec.github.io/vulnerabilities_details#nxp_usb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.2EPSS: 0%CPEs: 16EXPL: 1CVE-2021-33881
https://notcve.org/view.php?id=CVE-2021-33881
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. En las tarjetas NXP MIFARE Ultralight y NTAG, un atacante puede interrumpir una operación de escritura (también se conoce como ataque "tear off") mediante RFID para omitir el mecanismo de protección Monotonic Counter. El impacto depende de cómo es usado la funcionalidad anti tear-off en aplicaciones específicas como el transporte público, el control de acceso físico, etc • https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html https://www.nxp.com/docs/en/application-note/AN11340.pdf https://www.nxp.com/docs/en/application-note/AN13089.pdf https://www.sstic.org/2021/presentation/eeprom_it_will_all_end_in_tears • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 1CVE-2021-31532
https://notcve.org/view.php?id=CVE-2021-31532
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. Microcontroladores NXP LPC55S6x (0A y 1B), i.MX RT500 (silicio rev B1 y B2), i. MX RT600 (silicio rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicio rev 0A, 1B), LPC55S1x, LPC551x (silicio rev 0A) y LPC55S0x, LPC550x (silicio rev 0A) incluyen un periférico de parcheo de ROM no documentado que permite la modificación sin firma y no persistente de la ROM interna • https://oxide.computer/blog/lpc55 https://www.nxp.com •
CVSS: 4.2EPSS: 0%CPEs: 45EXPL: 1CVE-2021-3011
https://notcve.org/view.php?id=CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF). Se detectó un problema de canal lateral de ondas electromagnéticas en los microcontroladores de seguridad NXP SmartMX / P5x y en los microcontroladores de autenticación segura A7x, con CryptoLib versiones hasta v2.9. • https://ninjalab.io/a-side-journey-to-titan https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-17519
https://notcve.org/view.php?id=CVE-2019-17519
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. La implementación de Bluetooth Low Energy en NXP SDK versiones hasta 2.2.1 para dispositivos KW41Z no restringe apropiadamente la longitud de la carga útil de Link Layer, lo que permite a atacantes dentro del radio de alcance causar un desbordamiento del búfer por medio de un paquete diseñado. • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •