Vulnerabilities > NXP

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-31532 Unspecified vulnerability in NXP products
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.
local
low complexity
nxp
4.6
2021-01-07 CVE-2021-3011 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
high complexity
yubico nxp ftsafe google CWE-670
4.2
2020-02-12 CVE-2019-17519 Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.
low complexity
nxp CWE-120
8.8
2020-02-10 CVE-2019-17060 Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero.
low complexity
nxp CWE-120
6.5
2019-09-24 CVE-2019-14239 Improper Authentication vulnerability in NXP products
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.
local
low complexity
nxp CWE-287
4.6
2019-09-12 CVE-2019-14237 Incorrect Authorization vulnerability in NXP products
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.
network
low complexity
nxp CWE-863
7.5
2017-08-07 CVE-2017-7936 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NXP products
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx.
local
nxp CWE-119
4.4
2017-08-07 CVE-2017-7932 Improper Certificate Validation vulnerability in NXP products
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus.
local
nxp CWE-295
4.4