Lucene search

GitHub_MCVELIST:CVE-2024-38532

HistoryJun 28, 2024 - 9:25 p.m.

CVE-2024-38532 TEST_KEY used in example dcp_tool reference implementation

2024-06-2821:25:42

CWE-321

GitHub_M

www.cve.org

nxp data co-processor

hardware

aes

vulnerability

commit 26a7

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

9.1%

JSON

The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its -t argument. This issue has been patched in commit 26a7.

CNA Affected

[
  {
    "vendor": "usbarmory",
    "product": "mxs-dcp",
    "versions": [
      {
        "version": ">= commit 6151, < commit 26a7",
        "status": "affected"
      }
    ]
  }
]

References

github.com/usbarmory/mxs-dcp/commit/e5a99cb3d9429e6145495da7d01525c75af426a7

github.com/usbarmory/mxs-dcp/security/advisories/GHSA-g85c-rh49-p8cq

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-38532