CVE-2021-40154

Name of the Vulnerable Software and Affected Versions NXP LPC55S69 devices before A3 NXP Kinetis K82 devices (affected versions not specified)

Description The issue is related to a buffer over-read that occurs when a crafted wlength value is sent in a GET Descriptor Configuration request or a GET Status-Other request during the use of USB In-System Programming (ISP) mode. This results in the disclosure of protected flash memory.

Recommendations For NXP LPC55S69 devices before A3, update to version A3 or later to resolve the issue. For NXP Kinetis K82 devices, at the moment, there is no information about a newer version that contains a fix for this vulnerability.