CVE-2021-31532 : NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

Published 2021-05-06 13:15:13

Updated 2022-07-12 17:42:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-31532

NXP » Lpc55s69jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s69jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s69jbd100 » Version: 0A
When used together with: NXP » Lpc55s69jbd100 » Version: 1B
NXP » Lpc55s66jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s66jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s66jbd100 » Version: 0A
When used together with: NXP » Lpc55s66jbd100 » Version: 1B
NXP » Lpc55s69jev98 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s69jev98_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s69jev98 » Version: 0A
When used together with: NXP » Lpc55s69jev98 » Version: 1B
NXP » Lpcs66jev98 Firmware » Version: N/A
cpe:2.3:o:nxp:lpcs66jev98_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpcs66jev98 » Version: 0A
When used together with: NXP » Lpcs66jev98 » Version: 1B
NXP » Lpc55s69jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s69jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s69jbd64 » Version: 0A
When used together with: NXP » Lpc55s69jbd64 » Version: 1B
NXP » Lpcs66jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpcs66jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpcs66jbd64 » Version: 0A
When used together with: NXP » Lpcs66jbd64 » Version: 1B
NXP » I.mx Rt500 Firmware » Version: N/A
cpe:2.3:o:nxp:i.mx_rt500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » I.mx Rt500 » Version: B1
When used together with: NXP » I.mx Rt500 » Version: B2
NXP » I.mx Rt600 Firmware » Version: N/A
cpe:2.3:o:nxp:i.mx_rt600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » I.mx Rt600 » Version: A0
When used together with: NXP » I.mx Rt600 » Version: B0
NXP » Lpc55s28 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s28_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s28 » Version: 0A
When used together with: NXP » Lpc55s28 » Version: 1B
NXP » Lpc55s26 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s26_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s26 » Version: 0A
When used together with: NXP » Lpc55s26 » Version: 1B
NXP » Lpc5528 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5528_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5528 » Version: 0A
When used together with: NXP » Lpc5528 » Version: 1B
NXP » Lpc5526 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5526_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5526 » Version: 0A
When used together with: NXP » Lpc5526 » Version: 1B
NXP » Lpc55s16jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s16jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s16jbd100 » Version: 0A
NXP » Lpc55s16jev98 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s16jev98_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s16jev98 » Version: 0A
NXP » Lpc55s16jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s16jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s16jbd64 » Version: 0A
NXP » Lpc55s14jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s14jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s14jbd100 » Version: 0A
NXP » Lpc55s14jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc55s14jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc55s14jbd64 » Version: 0A
NXP » Lpc5516jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5516jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5516jbd100 » Version: 0A
NXP » Lpc5516jev98 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5516jev98_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5516jev98 » Version: 0A
NXP » Lpc5516jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5516jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5516jbd64 » Version: 0A
NXP » Lpc5514jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5514jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5514jbd100 » Version: 0A
NXP » Lpc5514jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5514jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5514jbd64 » Version: 0A
NXP » Lpc5512jbd100 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5512jbd100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5512jbd100 » Version: 0A
NXP » Lpc5512jbd64 Firmware » Version: N/A
cpe:2.3:o:nxp:lpc5512jbd64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: NXP » Lpc5512jbd64 » Version: 0A

Exploit prediction scoring system (EPSS) score for CVE-2021-31532

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-31532

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-31532

https://www.nxp.com

NXP® Semiconductors Official Site | Home
Vendor Advisory

CVEs referencing this url
https://oxide.computer/blog/lpc55/

Oxide Computer Company: Exploiting Undocumented Hardware Blocks in the LPC55S69
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-31532

Products affected by CVE-2021-31532

Exploit prediction scoring system (EPSS) score for CVE-2021-31532

CVSS scores for CVE-2021-31532

References for CVE-2021-31532