Vulnerabilities > NXP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2023-39902 | Improper Preservation of Permissions vulnerability in NXP Uboot Secondary Program Loader A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. | 7.8 |
| 2022-11-18 | CVE-2022-45163 | Information Exposure Through Discrepancy vulnerability in NXP products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. | 4.6 |
| 2022-05-03 | CVE-2021-22680 | Integer Overflow or Wraparound vulnerability in NXP MQX 5.1 NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. | 7.5 |
| 2022-05-03 | CVE-2021-27421 | Integer Overflow or Wraparound vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1/2.7.0 NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. | 7.5 |
| 2022-03-23 | CVE-2022-22819 | Classic Buffer Overflow vulnerability in NXP products NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. | 6.8 |
| 2021-12-01 | CVE-2021-40154 | Out-of-bounds Read vulnerability in NXP products NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. | 2.1 |
| 2021-12-01 | CVE-2021-44479 | Out-of-bounds Read vulnerability in NXP Kinetis K82 Firmware NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. | 2.1 |
| 2021-10-25 | CVE-2021-38258 | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.7.0 NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). | 4.6 |
| 2021-10-25 | CVE-2021-38260 | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.7.0 NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). | 4.6 |
| 2021-06-06 | CVE-2021-33881 | Incorrect Authorization vulnerability in NXP products On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. | 1.9 |