NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.
References
Link | Resource |
---|---|
https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom | Exploit, Third Party Advisory |
https://www.nxp.com | Vendor Advisory |
History
15 Apr 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 6.8 v3 : 7.8 |
30 Mar 2022, 19:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
References | (MISC) https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom - Exploit, Third Party Advisory | |
References | (MISC) https://www.nxp.com - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 7.5 v3 : 9.8 |
First Time | Nxp lpc55s66jbd64, Nxp lpc55s66jbd100, Nxp lpc55s69jbd100 Firmware, Nxp lpc55s66jev98 Firmware, Nxp lpc55s66jbd64 Firmware, Nxp lpc55s66jev98, Nxp lpc55s69jbd64 Firmware, Nxp lpc55s69jev98 Firmware, Nxp lpc55s69jbd100, Nxp lpc55s69jbd64, Nxp, Nxp lpc55s69jev98, Nxp lpc55s66jbd100 Firmware | |
CPE | cpe:2.3:o:nxp:lpc55s69jev98_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nxp:lpc55s66jbd100_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:nxp:lpc55s69jbd64:-:*:*:*:*:*:*:* cpe:2.3:o:nxp:lpc55s69jbd100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nxp:lpc55s66jbd64_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:nxp:lpc55s66jev98:-:*:*:*:*:*:*:* cpe:2.3:h:nxp:lpc55s69jbd100:-:*:*:*:*:*:*:* cpe:2.3:h:nxp:lpc55s69jev98:-:*:*:*:*:*:*:* cpe:2.3:o:nxp:lpc55s66jev98_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nxp:lpc55s69jbd64_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:nxp:lpc55s66jbd100:-:*:*:*:*:*:*:* cpe:2.3:h:nxp:lpc55s66jbd64:-:*:*:*:*:*:*:* |
23 Mar 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-23 22:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-22819
Mitre link : CVE-2022-22819
CVE.ORG link : CVE-2022-22819
Products Affected
nxp
- lpc55s66jev98
- lpc55s69jbd64
- lpc55s66jbd64
- lpc55s69jbd64_firmware
- lpc55s66jev98_firmware
- lpc55s69jbd100
- lpc55s69jev98_firmware
- lpc55s66jbd100
- lpc55s69jbd100_firmware
- lpc55s69jev98
- lpc55s66jbd100_firmware
- lpc55s66jbd64_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')