PT-2021-19409 · NXP · LPC55S2x+8

Published: 2021-05-06 · Updated: 2022-07-12 · CVE-2021-31532

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NXP LPC55S6x microcontrollers versions 0A and 1B
i.MX RT500 versions silicon rev B1 and B2
i.MX RT600 versions silicon rev A0 and B0
LPC55S6x (affected versions not specified)
LPC55S2x (affected versions not specified)
LPC552x versions silicon rev 0A and 1B
LPC55S1x (affected versions not specified)
LPC551x versions silicon rev 0A
LPC55S0x (affected versions not specified)
LPC550x versions silicon rev 0A

Description

The issue concerns an undocumented ROM patch peripheral in certain NXP microcontrollers that allows unsigned, non-persistent modification of the internal ROM. This peripheral is accessible from any execution mode. The ROM includes APIs for flash and in-application programming operations, which an attacker can modify from a non-secure, unprivileged context to potentially achieve privilege escalation and arbitrary code execution.

Recommendations

For NXP LPC55S6x microcontrollers versions 0A and 1B, consider restricting access to the undocumented ROM patch peripheral until a patch is available.
For i.MX RT500 versions silicon rev B1 and B2, restrict access to the ROM APIs to minimize the risk of exploitation.
For i.MX RT600 versions silicon rev A0 and B0, avoid using the ROM patch peripheral in non-secure, unprivileged contexts.
For LPC552x versions silicon rev 0A and 1B, consider disabling the ROM patch peripheral as a temporary workaround.
For LPC551x versions silicon rev 0A, restrict access to the ROM APIs to prevent potential privilege escalation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2021-31532

Affected Products

LPC550x
LPC551x
LPC552x
LPC55S0x
LPC55S1x
LPC55S2x
LPC55S6x
i.MX RT500
i.MX RT600