PT-2019-13552 · Nxp · Kinetis Kv1X+2

Published

2019-09-12

Updated

2019-09-16

CVE-2019-14237

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices (affected versions not specified)

Description The issue concerns the Flash Access Controls (FAC) method, which is a software IP protection technique for execute-only access. It can be bypassed by monitoring CPU registers and analyzing the effects of code or instruction execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2019-14237

Affected Products

Kinetis K8X

Kinetis Kv1X

Kinetis Kv3X

PT-2019-13552 · Nxp · Kinetis Kv1X+2

CVE-2019-14237

Weakness Enumeration

Related Identifiers

Affected Products

References · 2