CVE-2021-40154
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD
Description
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
Affected (3)
Configuration A
| Running on/with | Platform Versions |
|---|---|
Nxp Lpc55s69jbd100 | Version 0a |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Nxp Lpc55s69jbd100 | Version 1b |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Nxp Lpc55s69jbd64 | Version 0a |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Nxp Lpc55s69jbd64 | Version 1b |
Configuration E
| Running on/with | Platform Versions |
|---|---|
Nxp Lpc55s69jev98 | Version 0a |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Nxp Lpc55s69jev98 | Version 1b |
References (4)
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Timeline
No history available yet.