CVE-2023-39902

Опубликовано: 17 окт. 2023

Источник: nvd

CVSS3: 7

CVSS3: 7.8

EPSS Низкий

Описание

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus.

Ссылки

https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-Loader-Authentication-Vulnerability-CVE/ta-p/1736196
Mitigation
Patch
Vendor Advisory
https://nxp.com
Product
https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-Loader-Authentication-Vulnerability-CVE/ta-p/1736196
Mitigation
Patch
Vendor Advisory
https://nxp.com
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nxp:uboot_secondary_program_loader:*:*:*:*:*:*:*:*

Версия до 2023.07 (исключая)

Одно из

cpe:2.3:h:nxp:i.mx_8m:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_8m_mini:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_8m_nano:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_8m_plus:-:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00099

Низкий

7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-281

Связанные уязвимости

GHSA-cj3f-w95j-x9xv

CVSS3: 7

github

больше 2 лет назад

EPSS

Процентиль: 28%

0.00099

Низкий

7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-281