CVE-2022-22819 - Vulnerability Details

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nxp	Lpc55s66jbd100 Lpc55s66jbd100 Firmware Lpc55s66jbd64 Lpc55s66jbd64 Firmware Lpc55s66jev98 Lpc55s66jev98 Firmware Lpc55s69jbd100 Lpc55s69jbd100 Firmware Lpc55s69jbd64 Lpc55s69jbd64 Firmware Lpc55s69jev98 Lpc55s69jev98 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nxp:lpc55s66jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s66jbd64:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:nxp:lpc55s66jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s66jbd100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:nxp:lpc55s66jev98_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s66jev98:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:nxp:lpc55s69jbd64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s69jbd64:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:nxp:lpc55s69jbd100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s69jbd100:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:nxp:lpc55s69jev98_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:lpc55s69jev98:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom
https://www.nxp.com

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-23T21:13:46

Updated: 2024-08-03T03:21:49.121Z

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22819

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-23T22:15:13.097

Modified: 2024-11-21T06:47:30.853

Link: CVE-2022-22819

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object