CVE-2021-31532

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://oxide.computer/blog/lpc55/	Exploit Third Party Advisory
https://www.nxp.com	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nxp:lpc55s69jbd100_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc55s69jbd100:0a:::::::*
	cpe:2.3:h:nxp:lpc55s69jbd100:1b:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:nxp:lpc55s66jbd100_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc55s66jbd100:0a:::::::*
	cpe:2.3:h:nxp:lpc55s66jbd100:1b:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:nxp:lpc55s69jev98_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc55s69jev98:0a:::::::*
	cpe:2.3:h:nxp:lpc55s69jev98:1b:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:nxp:lpcs66jev98_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpcs66jev98:0a:::::::*
	cpe:2.3:h:nxp:lpcs66jev98:1b:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:nxp:lpc55s69jbd64_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc55s69jbd64:0a:::::::*
	cpe:2.3:h:nxp:lpc55s69jbd64:1b:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:nxp:lpcs66jbd64_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpcs66jbd64:0a:::::::*
	cpe:2.3:h:nxp:lpcs66jbd64:1b:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:nxp:i.mx_rt500_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:i.mx_rt500:b1:::::::*
	cpe:2.3:h:nxp:i.mx_rt500:b2:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:nxp:i.mx_rt600_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:i.mx_rt600:a0:::::::*
	cpe:2.3:h:nxp:i.mx_rt600:b0:::::::*

Configuration 9 (hide)

AND

cpe:2.3:o:nxp:lpc55s28_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc55s28:0a:::::::*
	cpe:2.3:h:nxp:lpc55s28:1b:::::::*

Configuration 10 (hide)

AND

cpe:2.3:o:nxp:lpc55s26_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc55s26:0a:::::::*
	cpe:2.3:h:nxp:lpc55s26:1b:::::::*

Configuration 11 (hide)

AND

cpe:2.3:o:nxp:lpc5528_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc5528:0a:::::::*
	cpe:2.3:h:nxp:lpc5528:1b:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:nxp:lpc5526_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:lpc5526:0a:::::::*
	cpe:2.3:h:nxp:lpc5526:1b:::::::*

Configuration 13 (hide)

AND

cpe:2.3:o:nxp:lpc55s16jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s16jbd100:0a:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nxp:lpc55s16jev98_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s16jev98:0a:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nxp:lpc55s16jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s16jbd64:0a:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nxp:lpc55s14jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s14jbd100:0a:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nxp:lpc55s14jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s14jbd64:0a:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:nxp:lpc5516jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5516jbd100:0a:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:nxp:lpc5516jev98_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5516jev98:0a:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:nxp:lpc5516jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5516jbd64:0a:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:nxp:lpc5514jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5514jbd100:0a:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:nxp:lpc5514jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5514jbd64:0a:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:nxp:lpc5512jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5512jbd100:0a:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:nxp:lpc5512jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc5512jbd64:0a:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type	Values Removed	Values Added
CWE	~~CWE-269~~	NVD-CWE-Other

09 Jun 2021, 20:15

Type	Values Removed	Values Added
Summary	NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), and LPC55S1x, LPC551x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. The peripheral is accessible from any execution mode (secure/privileged, secure/unprivileged, non-secure/privileged, non-secure/unprivileged). The ROM includes a set of APIs intended for use by a secure application to perform flash and in-application programming (IAP) operations. An attacker may use the ROM patch peripheral to modify the implementation of these ROM APIs from a non-secure, unprivileged context. If a non-secure application can also cause the secure application to invoke these ROM APIs, this provides privilege escalation and arbitrary code execution.	NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

19 May 2021, 19:01

Type	Values Removed	Values Added
CPE		cpe:2.3:h:nxp:lpc55s69jbd64:0a:::::::* cpe:2.3:h:nxp:lpc55s26:0a:::::::* cpe:2.3:o:nxp:i.mx_rt600_firmware:-:::::::* cpe:2.3:h:nxp:lpc55s69jbd100:1b:::::::* cpe:2.3:h:nxp:lpc55s28:1b:::::::* cpe:2.3:h:nxp:lpc55s16jbd64:0a:::::::* cpe:2.3:o:nxp:i.mx_rt500_firmware:-:::::::* cpe:2.3:o:nxp:lpc5516jev98_firmware:-:::::::* cpe:2.3:h:nxp:lpc5512jbd100:0a:::::::* cpe:2.3:h:nxp:lpc55s16jbd100:0a:::::::* cpe:2.3:o:nxp:lpc55s16jev98_firmware:-:::::::* cpe:2.3:h:nxp:i.mx_rt600:b0:::::::* cpe:2.3:o:nxp:lpcs66jbd64_firmware:-:::::::* cpe:2.3:o:nxp:lpc55s26_firmware:-:::::::* cpe:2.3:h:nxp:lpc5516jbd64:0a:::::::* cpe:2.3:h:nxp:lpc55s16jev98:0a:::::::* cpe:2.3:o:nxp:lpc5514jbd64_firmware:-:::::::* cpe:2.3:o:nxp:lpc55s66jbd100_firmware:-:::::::* cpe:2.3:h:nxp:lpcs66jbd64:1b:::::::* cpe:2.3:h:nxp:lpc55s28:0a:::::::* cpe:2.3:o:nxp:lpc5528_firmware:-:::::::* cpe:2.3:h:nxp:lpc55s69jbd100:0a:::::::* cpe:2.3:h:nxp:lpc55s14jbd100:0a:::::::* cpe:2.3:o:nxp:lpc55s28_firmware:-:::::::* cpe:2.3:o:nxp:lpc55s16jbd100_firmware:-:::::::* cpe:2.3:h:nxp:lpc5516jbd100:0a:::::::* cpe:2.3:h:nxp:lpc55s69jbd64:1b:::::::* cpe:2.3:h:nxp:i.mx_rt500:b1:::::::* cpe:2.3:o:nxp:lpcs66jev98_firmware:-:::::::* cpe:2.3:h:nxp:i.mx_rt500:b2:::::::* cpe:2.3:h:nxp:lpc55s26:1b:::::::* cpe:2.3:h:nxp:lpc5514jbd64:0a:::::::* cpe:2.3:h:nxp:lpcs66jbd64:0a:::::::* cpe:2.3:h:nxp:lpc55s14jbd64:0a:::::::* cpe:2.3:h:nxp:lpc5512jbd64:0a:::::::* cpe:2.3:o:nxp:lpc5516jbd64_firmware:-:::::::* cpe:2.3:o:nxp:lpc5514jbd100_firmware:-:::::::* cpe:2.3:h:nxp:i.mx_rt600:a0:::::::* cpe:2.3:o:nxp:lpc55s16jbd64_firmware:-:::::::* cpe:2.3:h:nxp:lpc55s69jev98:1b:::::::* cpe:2.3:h:nxp:lpc5528:1b:::::::* cpe:2.3:h:nxp:lpcs66jev98:0a:::::::* cpe:2.3:h:nxp:lpc55s66jbd100:0a:::::::* cpe:2.3:h:nxp:lpc5526:0a:::::::* cpe:2.3:h:nxp:lpc5526:1b:::::::* cpe:2.3:h:nxp:lpc5528:0a:::::::* cpe:2.3:h:nxp:lpc5516jev98:0a:::::::* cpe:2.3:o:nxp:lpc55s14jbd64_firmware:-:::::::* cpe:2.3:h:nxp:lpc5514jbd100:0a:::::::* cpe:2.3:o:nxp:lpc55s69jbd64_firmware:-:::::::* cpe:2.3:o:nxp:lpc5526_firmware:-:::::::* cpe:2.3:h:nxp:lpc55s69jev98:0a:::::::* cpe:2.3:o:nxp:lpc55s14jbd100_firmware:-:::::::* cpe:2.3:h:nxp:lpc55s66jbd100:1b:::::::* cpe:2.3:o:nxp:lpc5512jbd100_firmware:-:::::::* cpe:2.3:o:nxp:lpc5512jbd64_firmware:-:::::::* cpe:2.3:o:nxp:lpc55s69jev98_firmware:-:::::::* cpe:2.3:o:nxp:lpc5516jbd100_firmware:-:::::::* cpe:2.3:h:nxp:lpcs66jev98:1b:::::::* cpe:2.3:o:nxp:lpc55s69jbd100_firmware:-:::::::*
References	~~(MISC) https://www.nxp.com -~~	(MISC) https://www.nxp.com - Vendor Advisory
References	~~(MISC) https://oxide.computer/blog/lpc55/ -~~	(MISC) https://oxide.computer/blog/lpc55/ - Exploit, Third Party Advisory
CWE		CWE-269
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 6.8

06 May 2021, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-06 13:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-31532

Mitre link : CVE-2021-31532

CVE.ORG link : CVE-2021-31532

JSON object : View

Products Affected

nxp

lpc55s16jbd100
lpc5516jev98
lpcs66jbd64
lpc5512jbd64_firmware
lpc55s14jbd64
lpc55s69jev98_firmware
lpc55s26
lpcs66jev98
lpc55s16jbd100_firmware
lpc5516jev98_firmware
lpc55s69jbd64
lpc5514jbd64_firmware
lpc5512jbd100_firmware
lpc55s16jbd64_firmware
lpc55s16jev98
lpc5516jbd100
lpc55s16jbd64
i.mx_rt500_firmware
lpc55s69jbd100_firmware
lpc5526
lpc5514jbd100_firmware
i.mx_rt500
lpc55s69jev98
lpc55s66jbd100_firmware
lpc5528_firmware
i.mx_rt600
lpc55s26_firmware
i.mx_rt600_firmware
lpc5526_firmware
lpc5512jbd64
lpc5528
lpc55s69jbd100
lpcs66jev98_firmware
lpc55s16jev98_firmware
lpcs66jbd64_firmware
lpc5512jbd100
lpc55s28
lpc5514jbd100
lpc5514jbd64
lpc55s14jbd64_firmware
lpc5516jbd64_firmware
lpc55s69jbd64_firmware
lpc55s14jbd100
lpc5516jbd64
lpc55s66jbd100
lpc55s28_firmware
lpc5516jbd100_firmware
lpc55s14jbd100_firmware

CWE

NVD-CWE-Other

6.8 /10