History: Oct 17, 2023 - 12:15 p.m.

CVE-2023-39902

2023-10-17 12:15:09
CWE-281
web.nvd.nist.gov
12
cve-2023-39902
u-boot
spl
nxp i.mx 8m
vulnerability
software
privilege escalation
security

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus.

Affected configurations (NVD)

Node:
  nxp i.mx_8m (Match: -)
  OR nxp i.mx_8m_mini (Match: -)
  OR nxp i.mx_8m_nano (Match: -)
  OR nxp i.mx_8m_plus (Match: -)
  AND nxp uboot_secondary_program_loader (Range: <2023.07)
