CVE-2022-22819

Published: Mar 23, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.

Affected (6)

Products: Nxp: Lpc55s66jbd64 Firmware, Lpc55s66jbd100 Firmware, Lpc55s66jev98 Firmware, Lpc55s69jbd64 Firmware, Lpc55s69jbd100 Firmware, Lpc55s69jev98 Firmware

Nxp

6 products

Lpc55s66jbd64 Firmware

Lpc55s66jbd100 Firmware

Lpc55s66jev98 Firmware

Lpc55s69jbd64 Firmware

Lpc55s69jbd100 Firmware

Lpc55s69jev98 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nxp Lpc55s66jbd64 Firmware	All versions

Running on/with	Platform Versions
Nxp Lpc55s66jbd64	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nxp Lpc55s66jbd100 Firmware	All versions

Running on/with	Platform Versions
Nxp Lpc55s66jbd100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nxp Lpc55s66jev98 Firmware	All versions

Running on/with	Platform Versions
Nxp Lpc55s66jev98	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nxp Lpc55s69jbd64 Firmware	All versions

Running on/with	Platform Versions
Nxp Lpc55s69jbd64	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nxp Lpc55s69jbd100 Firmware	All versions

Running on/with	Platform Versions
Nxp Lpc55s69jbd100	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nxp Lpc55s69jev98 Firmware	All versions

Running on/with	Platform Versions
Nxp Lpc55s69jev98	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.nxp.com

Source: cve@mitre.org

Vendor Advisory

https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.nxp.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.