Vulnerabilites related to nxp - i.mx_6ull_firmware
CVE-2017-7936 (GCVE-0-2017-7936)
Vulnerability from cvelistv5
Published
2017-08-07 08:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NXP i.MX Product Family |
Version: NXP i.MX Product Family |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NXP i.MX Product Family",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NXP i.MX Product Family"
}
]
}
],
"datePublic": "2017-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NXP i.MX Product Family",
"version": {
"version_data": [
{
"version_value": "NXP i.MX Product Family"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-7936",
"datePublished": "2017-08-07T08:00:00",
"dateReserved": "2017-04-18T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45163 (GCVE-0-2022-45163)
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2025-04-30 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.nccgroup.com/category/technical-advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://nxp.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:38:25.052695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:38:50.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:P/A:N/C:H/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://research.nccgroup.com/category/technical-advisory/"
},
{
"url": "https://nxp.com"
},
{
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45163",
"datePublished": "2022-11-18T00:00:00.000Z",
"dateReserved": "2022-11-11T00:00:00.000Z",
"dateUpdated": "2025-04-30T14:38:50.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7932 (GCVE-0-2017-7932)
Vulnerability from cvelistv5
Published
2017-08-07 08:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NXP i.MX Product Family |
Version: NXP i.MX Product Family |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NXP i.MX Product Family",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NXP i.MX Product Family"
}
]
}
],
"datePublic": "2017-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NXP i.MX Product Family",
"version": {
"version_data": [
{
"version_value": "NXP i.MX Product Family"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-7932",
"datePublished": "2017-08-07T08:00:00",
"dateReserved": "2017-04-18T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-08-07 08:29
Modified
2025-04-20 01:37
Severity ?
Summary
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99966 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99966 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 | Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf30nn151cku26_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82ABEF1B-6B93-48B5-B34B-1D155EC55ED8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf30nn151cku26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A93AF1-F85B-43AC-8D9B-98E47B6B001E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf30ns151cku26_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B81B61-456E-4359-AD6B-2317376AB24C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf30ns151cku26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D98873-7A8C-449D-A044-B05887A890E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50nn151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D26C9279-3069-4093-BA96-2CB70AEDD2F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50nn151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C674A05-5443-402D-B508-62EF31AD15BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5C139B-A4DC-414C-B278-ED4E5F5492C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F14598B-FD3C-4CFC-8DBE-FC1EA733731C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50ns151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1A6ACE-A4B5-48DE-ACE4-DF50A928DE3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50ns151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49CA505E-6B28-41C9-93B0-7406F489BDB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78300258-A011-4920-B39C-7B8C0412C921",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C271C7-E84F-4BF8-AB80-9934BB0A5FCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf51nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40BA42E1-0931-4ECC-8A90-8485D6071158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf51nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A843151-9A62-4515-A82A-E798DD89EFF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf51ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E296D84B-F3E5-4FBE-AA21-E8FDFB12F448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf51ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD4EB6-9AC7-40AD-BFE2-EE9AB100F666",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60nn151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DBF157-B729-4FE0-87E2-075C6154CCA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60nn151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD55202-ABCF-4B87-963D-476507A721FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60ns151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE02CB27-F9E9-46EC-8D66-93482390B6FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60ns151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD1ACEE-674D-4ECF-BDA5-A371B57DF38F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "902E393B-EDC6-4814-B712-C218BED08866",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADF82AB-BC34-4CE0-B5E6-9AB40241FFD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEE62D2-1F7D-4083-BB14-0BFA6B8F5A8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87BB6B2-BB8B-4264-90F3-EE2E7B63F73B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf61nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42B4DE7F-2141-4954-8A5A-1CA9FC61CA01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf61nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A401CC61-AB8A-4AC4-B50B-4953660E9CD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf61ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "881A99E8-BC43-4C28-A394-83171519F1C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf61ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7921E65C-2824-446A-8BC3-563A68808270",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf62nn151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B3ABED-465D-4897-9EC4-3E6AF1A7519A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf62nn151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A0B17-65C1-44AF-A686-04FBFB5C1AE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F523DEA-C0B0-4268-9F6A-E48282A32A8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA014971-DCCC-4B8D-8653-DD3A158B8A1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_53_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14B5CAEA-5120-4089-8E31-0BC959EFF849",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_53:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0496E7EB-4D37-4333-A854-A8D45B8A86D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF45AD7-B959-452C-81CB-FD9A40D11378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3ECF45-3884-4AEF-B26E-72DA6E43F49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A59F6D-0000-4E82-8F16-BC9BC946A7B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25507E5C-FCAC-46E1-A90F-B9AE7D554F76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C42AF58-A53F-4307-A381-CD1A511F4569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA76C3C4-0030-4C52-BCDE-D4D963C2B511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A69747C-AE47-4219-8892-461341151E6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28AF0906-B8CE-40FE-BEE0-03A814C55B0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F40FEC3-EBBC-4B1D-9677-23B3A6D89B91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCB98D4-51CD-45AB-8C5D-79989A083946",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042E76C8-94AD-4F30-AFDC-D6E4C3F49FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9AB2D-303F-4C16-A584-0812DE52C7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A062D5CA-B204-4209-A398-343E191A4AE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C69EB9-C38F-41AF-B1A6-0E7BB841BA58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0BC58B-DFD5-465A-AB3D-724DD05B6199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623866FF-4E6B-48F8-B601-09AB288294D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77688E97-E680-445E-B291-CEABBF0AC460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB41F948-3B57-4462-9FF5-890FBD038E66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory."
},
{
"lang": "es",
"value": "Se ha descubierto un error de desbordamiento de b\u00fafer basado en pila en NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, y Vybrid VF6xx. Cuando el dispositivo est\u00e1 configurado con opciones con seguridad habilitadas, se podr\u00eda utilizar SDP para descargar una peque\u00f1a secci\u00f3n de c\u00f3digo en una parte desprotegida de memoria."
}
],
"id": "CVE-2017-7936",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T08:29:00.353",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99966"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-18 23:15
Modified
2025-04-30 15:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://nxp.com | Product | |
| cve@mitre.org | https://research.nccgroup.com/2022/11/17/cve-2022-45163/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://research.nccgroup.com/category/technical-advisory/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nxp.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/2022/11/17/cve-2022-45163/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/category/technical-advisory/ | Exploit, Technical Description, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97F1F456-E167-4D6F-BD0F-8BE02D8334E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3D9F06-FBAB-4271-81AF-D135995BC7CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042E76C8-94AD-4F30-AFDC-D6E4C3F49FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9AB2D-303F-4C16-A584-0812DE52C7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28AF0906-B8CE-40FE-BEE0-03A814C55B0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F40FEC3-EBBC-4B1D-9677-23B3A6D89B91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77688E97-E680-445E-B291-CEABBF0AC460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB41F948-3B57-4462-9FF5-890FBD038E66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A062D5CA-B204-4209-A398-343E191A4AE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C69EB9-C38F-41AF-B1A6-0E7BB841BA58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0BC58B-DFD5-465A-AB3D-724DD05B6199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623866FF-4E6B-48F8-B601-09AB288294D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA76C3C4-0030-4C52-BCDE-D4D963C2B511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A69747C-AE47-4219-8892-461341151E6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25507E5C-FCAC-46E1-A90F-B9AE7D554F76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C42AF58-A53F-4307-A381-CD1A511F4569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCB98D4-51CD-45AB-8C5D-79989A083946",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF45AD7-B959-452C-81CB-FD9A40D11378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3ECF45-3884-4AEF-B26E-72DA6E43F49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A59F6D-0000-4E82-8F16-BC9BC946A7B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ulz_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7572762F-F69A-42FD-A16C-A831C18E2F54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB61DF-AE1E-4073-89F3-86194D2B8C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079CC43E-F536-4C7A-BB92-DA2B0C051680",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F7AFD4-FE4A-4D1F-9944-BF67D77E8E5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7206B367-4736-4045-8468-C39A41A8435C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F78E63-D311-4D82-A0CE-5A756D469396",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7ulp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E548183E-FD55-4483-AA6C-D7E5869C8449",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7ulp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97BB820-55FF-4852-852B-92270D999564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_8m_mini_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF734E60-E83D-4388-962E-69FC53D2FF7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_8m_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1822E0E-4DF8-411F-A890-D748F2124869",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_8m_quad_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0207759A-0914-45EF-BF28-357A3A3C8168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_8m_quad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8FD196-4DC4-4B60-8B39-FD4AAE016E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_8m_vybrid_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EA5E75-91F9-4D67-A21D-3C346777168E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_8m_vybrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA942EF-73DC-4D03-B160-C28943157BFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "766EB181-7DFB-4EEE-A6CE-B08C3AA7FA96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "980986F1-98ED-4584-8AE3-4993852557E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1015_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D354D258-CB10-4A49-9047-94E83F4B917A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350AEDA2-3B0D-423F-8C6C-48C4C70FE51A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6900DD-6233-461B-8774-A63DAFF9D4C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13E0EB3F-D1FA-4B82-8494-F067E2FE0933",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1050_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDC51BD-BF4E-44D2-9443-2F75DF37CDE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4872031C-1F8D-4E42-B8E1-D85E3EE5E8C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1060_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "868F2F82-E41F-4480-ADF3-DBCA6432782F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9476F4D-3676-4AE6-88BF-41E50FCD5839",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en dispositivos NXP seleccionados cuando se configuran en modo Serial Download Protocol (SDP):i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, y Vybrid. En una configuraci\u00f3n habilitada para la seguridad del dispositivo, el contenido de la memoria podr\u00eda potencialmente filtrarse a atacantes f\u00edsicamente pr\u00f3ximos a trav\u00e9s del puerto SDP respectivo en ataques de arranque en fr\u00edo y en caliente. (La mitigaci\u00f3n recomendada es desactivar completamente el modo SDP programando un eFUSE programable por \u00fanica vez. Los clientes pueden comunicarse con NXP para obtener informaci\u00f3n adicional)."
}
],
"id": "CVE-2022-45163",
"lastModified": "2025-04-30T15:15:59.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-18T23:15:29.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://nxp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/category/technical-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://nxp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/category/technical-advisory/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 08:29
Modified
2025-04-20 01:37
Severity ?
Summary
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99966 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99966 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 | Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf30nn151cku26_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82ABEF1B-6B93-48B5-B34B-1D155EC55ED8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf30nn151cku26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A93AF1-F85B-43AC-8D9B-98E47B6B001E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf30ns151cku26_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B81B61-456E-4359-AD6B-2317376AB24C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf30ns151cku26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D98873-7A8C-449D-A044-B05887A890E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50nn151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D26C9279-3069-4093-BA96-2CB70AEDD2F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50nn151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C674A05-5443-402D-B508-62EF31AD15BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5C139B-A4DC-414C-B278-ED4E5F5492C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F14598B-FD3C-4CFC-8DBE-FC1EA733731C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50ns151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1A6ACE-A4B5-48DE-ACE4-DF50A928DE3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50ns151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49CA505E-6B28-41C9-93B0-7406F489BDB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf50ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78300258-A011-4920-B39C-7B8C0412C921",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf50ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C271C7-E84F-4BF8-AB80-9934BB0A5FCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf51nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40BA42E1-0931-4ECC-8A90-8485D6071158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf51nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A843151-9A62-4515-A82A-E798DD89EFF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf51ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E296D84B-F3E5-4FBE-AA21-E8FDFB12F448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf51ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD4EB6-9AC7-40AD-BFE2-EE9AB100F666",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60nn151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DBF157-B729-4FE0-87E2-075C6154CCA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60nn151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD55202-ABCF-4B87-963D-476507A721FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60ns151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE02CB27-F9E9-46EC-8D66-93482390B6FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60ns151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD1ACEE-674D-4ECF-BDA5-A371B57DF38F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "902E393B-EDC6-4814-B712-C218BED08866",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADF82AB-BC34-4CE0-B5E6-9AB40241FFD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf60ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEE62D2-1F7D-4083-BB14-0BFA6B8F5A8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf60ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87BB6B2-BB8B-4264-90F3-EE2E7B63F73B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf61nn151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42B4DE7F-2141-4954-8A5A-1CA9FC61CA01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf61nn151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A401CC61-AB8A-4AC4-B50B-4953660E9CD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf61ns151cmk50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "881A99E8-BC43-4C28-A394-83171519F1C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf61ns151cmk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7921E65C-2824-446A-8BC3-563A68808270",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:vybrid_mvf62nn151cmk40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B3ABED-465D-4897-9EC4-3E6AF1A7519A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:vybrid_mvf62nn151cmk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A0B17-65C1-44AF-A686-04FBFB5C1AE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F523DEA-C0B0-4268-9F6A-E48282A32A8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA014971-DCCC-4B8D-8653-DD3A158B8A1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_53_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14B5CAEA-5120-4089-8E31-0BC959EFF849",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_53:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0496E7EB-4D37-4333-A854-A8D45B8A86D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF45AD7-B959-452C-81CB-FD9A40D11378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3ECF45-3884-4AEF-B26E-72DA6E43F49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A59F6D-0000-4E82-8F16-BC9BC946A7B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25507E5C-FCAC-46E1-A90F-B9AE7D554F76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C42AF58-A53F-4307-A381-CD1A511F4569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA76C3C4-0030-4C52-BCDE-D4D963C2B511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A69747C-AE47-4219-8892-461341151E6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28AF0906-B8CE-40FE-BEE0-03A814C55B0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F40FEC3-EBBC-4B1D-9677-23B3A6D89B91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCB98D4-51CD-45AB-8C5D-79989A083946",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042E76C8-94AD-4F30-AFDC-D6E4C3F49FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9AB2D-303F-4C16-A584-0812DE52C7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A062D5CA-B204-4209-A398-343E191A4AE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C69EB9-C38F-41AF-B1A6-0E7BB841BA58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0BC58B-DFD5-465A-AB3D-724DD05B6199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623866FF-4E6B-48F8-B601-09AB288294D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77688E97-E680-445E-B291-CEABBF0AC460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB41F948-3B57-4462-9FF5-890FBD038E66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_28_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87A416B6-B9A4-4408-8848-214E8947FB78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_28:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEECEEB-834C-4A3C-B907-92836250CC80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079CC43E-F536-4C7A-BB92-DA2B0C051680",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F7AFD4-FE4A-4D1F-9944-BF67D77E8E5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7206B367-4736-4045-8468-C39A41A8435C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F78E63-D311-4D82-A0CE-5A756D469396",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de validaci\u00f3n incorrecta de certificados en NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, y i.MX 6QuadPlus. Cuando el dispositivo est\u00e1 configurado con opciones de seguridad habilitadas, bajo algunas condiciones es posible eludir la verificaci\u00f3n de firma utilizando un certificado especialmente manipulado que lleva a la ejecuci\u00f3n de una imagen sin firmar."
}
],
"id": "CVE-2017-7932",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T08:29:00.307",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99966"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}