Latest Nxp Vulnerabilities

CVE-2023-39902
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tr...
Nxp Uboot Secondary Program Loader<2023.07
NXP i.MX 8M
Nxp I.mx 8m Mini
Nxp I.mx 8m Nano
Nxp I.mx 8m Plus
CVE-2021-22680
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, result...
NXP MQX<=5.1
Multiple Amazon FreeRTOS, Version 10.4.1
Multiple Apache Nuttx OS, Version 9.1.0
Multiple ARM CMSIS-RTOS2, versions prior to 2.1.3
Multiple ARM Mbed OS, Version 6.3.0
Multiple ARM mbed-ualloc, Version 1.3.0
and 24 more
CVE-2021-27421
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to u...
Nxp Mcuxpresso Software Development Kit<2.8.2
Multiple Amazon FreeRTOS, Version 10.4.1
Multiple Apache Nuttx OS, Version 9.1.0
Multiple ARM CMSIS-RTOS2, versions prior to 2.1.3
Multiple ARM Mbed OS, Version 6.3.0
Multiple ARM mbed-ualloc, Version 1.3.0
and 24 more
CVE-2022-22819
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature ...
Nxp Lpc55s66jbd64 Firmware
NXP LPC55S66JBD64
Nxp Lpc55s66jbd100 Firmware
Nxp Lpc55s66jbd100
Nxp Lpc55s66jev98 Firmware
Nxp Lpc55s66jev98
and 6 more
CVE-2021-44149
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resu...
Linaro OP-TEE<=3.15.0
Nxp I.mx 6ultralite
CVE-2021-36133
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/wri...
Linaro OP-TEE
Nxp I.mx 6
Nxp I.mx 6solox
Nxp I.mx 6ull
Nxp I.mx 6ulz
Nxp I.mx 7ds
and 1 more
CVE-2021-44479
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
Nxp Kinetis K82 Firmware
NXP Kinetis K82
CVE-2021-38260
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
Nxp Mcuxpresso Software Development Kit=2.7.0
CVE-2021-38258
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
Nxp Mcuxpresso Software Development Kit=2.7.0
CVE-2021-33881
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends ...
Nxp Mifare Ultralight Ev1 Firmware
Nxp Mifare Ultralight Ev1
Nxp Mifare Ultralight C Firmware
Nxp Mifare Ultralight C
Nxp Mifare Ultralight Nano Firmware
Nxp Mifare Ultralight Nano
and 10 more
CVE-2021-31532
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and...
Nxp Lpc55s69jbd100 Firmware
Nxp Lpc55s69jbd100=0a
Nxp Lpc55s69jbd100=1b
Nxp Lpc55s66jbd100 Firmware
Nxp Lpc55s66jbd100=0a
Nxp Lpc55s66jbd100=1b
and 54 more
CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attacker...
Ftsafe K13
Ftsafe K21
Ftsafe K40
Ftsafe K9
Google Titan Security Key
Nxp 3a081
and 39 more
CVE-2019-17519
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflo...
Nxp Mcuxpresso Software Development Kit<=2.2.1
Nxp Kw31z
Nxp Kw34
Nxp Kw35
Nxp Kw36
Nxp Kw37
and 3 more
CVE-2019-17060
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer head...
Nxp Mcuxpresso Software Development Kit<=2.2.1
Nxp Kw31z
Nxp Kw34
Nxp Kw35
Nxp Kw36
Nxp Kw37
and 3 more
CVE-2019-14239
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction insid...
Nxp Kinetis Kv1x Firmware
NXP Kinetis KV1x
Nxp Kinetis Kv3x Firmware
Nxp Kinetis Kv3x
Nxp Kinetis K8x Firmware
Nxp Kinetis K8x
CVE-2019-14237
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the eff...
Nxp Kinetis Kv1x Firmware
NXP Kinetis KV1x
Nxp Kinetis Kv3x Firmware
Nxp Kinetis Kv3x
Nxp Kinetis K8x Firmware
Nxp Kinetis K8x

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203