PT-2023-27143 · NXP · NXP i.MX 8M Nano +3
Published: 2023-10-17 · Updated: 2023-10-24 · CVE-2023-39902
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
U-Boot Secondary Program Loader (SPL) versions prior to 2023.07
Description
A software issue has been identified in the U-Boot Secondary Program Loader (SPL) on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus.
Recommendations
For versions prior to 2023.07, update to version 2023.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the SPL to minimize the risk of exploitation. Avoid using crafted Flattened Image Tree (FIT) format structures until the issue is resolved.
Fix
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
NXP i.MX 8M
NXP i.MX 8M Mini
NXP i.MX 8M Nano
NXP i.MX 8M Plus