PT-2022-15694 · Nxp · Lpc55S69Jbd100+5
Laura Abbott · Published 2022-03-23 · Updated 2022-04-15 · CVE-2022-22819
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
NXP LPC55S66JBD64 version 1B
NXP LPC55S66JBD100 version 1B
NXP LPC55S66JEV98 version 1B
NXP LPC55S69JBD64 version 1B
NXP LPC55S69JBD100 version 1B
NXP LPC55S69JEV98 version 1B
Description
A buffer overflow occurs while parsing SB2 updates, before the signature is verified. A crafted unsigned update can therefore allow an attacker to achieve non-persistent code execution.
Recommendations
For NXP LPC55S66JBD64 version 1B, consider disabling SB2 update parsing until a patch is available.
For NXP LPC55S66JBD100 version 1B, consider disabling SB2 update parsing until a patch is available.
For NXP LPC55S66JEV98 version 1B, consider disabling SB2 update parsing until a patch is available.
For NXP LPC55S69JBD64 version 1B, consider disabling SB2 update parsing until a patch is available.
For NXP LPC55S69JBD100 version 1B, consider disabling SB2 update parsing until a patch is available.
For NXP LPC55S69JEV98 version 1B, consider disabling SB2 update parsing until a patch is available.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Lpc55S66Jbd100
Lpc55S66Jbd64
Lpc55S66Jev98
Lpc55S69Jbd100
Lpc55S69Jbd64
Lpc55S69Jev98