CVE-2023-39902
Summary
| CVE | CVE-2023-39902 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-17 12:15:00 UTC |
| Updated | 2023-10-24 19:30:00 UTC |
| Description | A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus. |
Risk And Classification
Problem Types: CWE-281
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | NXP | i.MX 8M | - | All | All | All |
| Hardware | NXP | i.MX 8M Mini | - | All | All | All |
| Hardware | NXP | i.MX 8M Nano | - | All | All | All |
| Hardware | NXP | i.MX 8M Plus | - | All | All | All |
| Operating System | NXP | U-Boot Secondary Program Loader | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Automotive, IoT & Industrial Solutions \| NXP Semiconductors | MISC | nxp.com | |
| U-Boot Secondary Program Loader Authentication Vul... - NXP Community | MISC | community.nxp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.