Vulnerability Details : CVE-2017-7936
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in a security-enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2017-7936
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ %
CVSS scores for CVE-2017-7936
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST |
6.3 | MEDIUM | CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.4 | 5.9 | NIST |
CWE ids for CVE-2017-7936
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2017-7936
- https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
  NXP i.MX Product Family | CISA (Third Party Advisory; US Government Resource; VDB Entry)
- http://www.securityfocus.com/bid/99966
  Multiple i.MX Products Multiple Local Security Vulnerabilities (Third Party Advisory; VDB Entry)
Products affected by CVE-2017-7936
- cpe:2.3:o:nxp:vybrid_mvf30nn151cku26_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf30ns151cku26_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf50nn151cmk40_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf50nn151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf50ns151cmk40_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf50ns151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf51nn151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf51ns151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf60nn151cmk40_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf60ns151cmk40_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf60nn151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf60ns151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf61nn151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf61ns151cmk50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:vybrid_mvf62nn151cmk40_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_53_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*