Vulnerability Description
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NXP | LPC55S69JBD100 Firmware | - |
| NXP | LPC55S69JBD100 | 0a |
| NXP | LPC55S66JBD100 Firmware | - |
| NXP | LPC55S66JBD100 | 0a |
| NXP | LPC55S69JEV98 Firmware | - |
| NXP | LPC55S69JEV98 | 0a |
| NXP | LPCS66JEV98 Firmware | - |
| NXP | LPCS66JEV98 | 0a |
| NXP | LPC55S69JBD64 Firmware | - |
| NXP | LPC55S69JBD64 | 0a |
| NXP | LPCS66JBD64 Firmware | - |
| NXP | LPCS66JBD64 | 0a |
| NXP | i.MX RT500 Firmware | - |
| NXP | i.MX RT500 | b1 |
| NXP | i.MX RT600 Firmware | - |
| NXP | i.MX RT600 | a0 |
| NXP | LPC55S28 Firmware | - |
| NXP | LPC55S28 | 0a |
| NXP | LPC55S26 Firmware | - |
| NXP | LPC55S26 | 0a |
References
- https://oxide.computer/blog/lpc55/ (Exploit, Third Party Advisory)
- https://www.nxp.com (Vendor Advisory)
FAQ
What is CVE-2021-31532?
CVE-2021-31532 is a vulnerability with a CVSS score of 6.8 (MEDIUM). NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and...
How severe is CVE-2021-31532?
CVE-2021-31532 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31532?
Check the references section above for vendor advisories and patch information. Affected products include: NXP LPC55S69JBD100 Firmware, NXP LPC55S69JBD100, NXP LPC55S66JBD100 Firmware, NXP LPC55S66JBD100, NXP LPC55S69JEV98 Firmware.