CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 1CVE-2021-40154
https://notcve.org/view.php?id=CVE-2021-40154
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. Los dispositivos NXP LPC55S69 versiones anteriores a A3, presentan una lectura excesiva del búfer por medio de un valor wlength diseñado en una petición GET Descriptor Configuration durante el uso del modo USB In-System Programming (ISP). Esto revela la memoria flash protegida • https://github.com/Jeromeyoung/CVE-2021-40154 https://github.com/Xen1thLabs-AE/CVE-2021-40154 https://www.darkmatter.ae/xen1thlabs/published-advisories • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 1CVE-2021-31532
https://notcve.org/view.php?id=CVE-2021-31532
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. Microcontroladores NXP LPC55S6x (0A y 1B), i.MX RT500 (silicio rev B1 y B2), i. MX RT600 (silicio rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicio rev 0A, 1B), LPC55S1x, LPC551x (silicio rev 0A) y LPC55S0x, LPC550x (silicio rev 0A) incluyen un periférico de parcheo de ROM no documentado que permite la modificación sin firma y no persistente de la ROM interna • https://oxide.computer/blog/lpc55 https://www.nxp.com •