CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39902
https://notcve.org/view.php?id=CVE-2023-39902
17 Oct 2023 — A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus. Se identificó una vulnerabilidad de software en U-Boot Secondary Program Loader (SPL) an... • https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-Loader-Authentication-Vulnerability-CVE/ta-p/1736196 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 2CVE-2022-45163
https://notcve.org/view.php?id=CVE-2022-45163
18 Nov 2022 — An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the S... • https://nxp.com • CWE-203: Observable Discrepancy •