NXP Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2023-39902 Improper Preservation of Permissions vulnerability in NXP Uboot Secondary Program Loader
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors.
local
low complexity
nxp CWE-281
7.8
2022-11-18 CVE-2022-45163 Information Exposure Through Discrepancy vulnerability in NXP products
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid.
low complexity
nxp CWE-203
4.6
2022-05-03 CVE-2021-22680 Integer Overflow or Wraparound vulnerability in NXP MQX 5.1
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions.
network
low complexity
nxp CWE-190
7.5
2022-05-03 CVE-2021-27421 Integer Overflow or Wraparound vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1/2.7.0
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to an integer overflow in the SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as a segmentation fault when assigning a particular block of memory from the heap via malloc.
network
low complexity
nxp CWE-190
7.5
2022-03-23 CVE-2022-22819 Classic Buffer Overflow vulnerability in NXP products
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified.
network
nxp CWE-120
6.8
2021-12-01 CVE-2021-40154 Out-of-bounds Read vulnerability in NXP products
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode.
local
low complexity
nxp CWE-125
2.1
2021-12-01 CVE-2021-44479 Out-of-bounds Read vulnerability in NXP Kinetis K82 Firmware
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode.
local
low complexity
nxp CWE-125
2.1
2021-10-25 CVE-2021-38258 Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.7.0
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
local
low complexity
nxp CWE-120
4.6
2021-10-25 CVE-2021-38260 Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.7.0
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
local
low complexity
nxp CWE-120
4.6
2021-06-06 CVE-2021-33881 Incorrect Authorization vulnerability in NXP products
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism.
local
nxp CWE-863
1.9