Vulnerability CVE-2017-7936
Published: 2017-08-07

Description:
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
NXP -> I.mx 6quad firmware 
NXP -> I.mx 6dualplus firmware 
NXP -> Vybrid mvf60nn151cmk50 firmware 
NXP -> Vybrid mvf50nn151cmk40 firmware 
NXP -> Vybrid mvf60nn151cmk40 firmware 
NXP -> I.mx 6ultralite firmware 
NXP -> I.mx 50 firmware 
NXP -> I.mx 6duallite firmware 
NXP -> I.mx 6ull firmware 
NXP -> Vybrid mvf50ns151cmk50 firmware 
NXP -> Vybrid mvf62nn151cmk40 firmware 
NXP -> Vybrid mvf51ns151cmk50 firmware 
NXP -> Vybrid mvf51nn151cmk50 firmware 
NXP -> I.mx 6sololite firmware 
NXP -> Vybrid mvf50ns151cmk40 firmware 
NXP -> I.mx 6solo firmware 
NXP -> Vybrid mvf50nn151cmk50 firmware 
NXP -> I.mx 6quadplus firmware 
NXP -> Vybrid mvf61ns151cmk50 firmware 
NXP -> I.mx 6solox firmware 
NXP -> I.mx 53 firmware 
NXP -> Vybrid mvf30ns151cku26 firmware 
NXP -> I.mx 6dual firmware 
NXP -> Vybrid mvf61nn151cmk50 firmware 
NXP -> Vybrid mvf30nn151cku26 firmware 
NXP -> Vybrid mvf60ns151cmk40 firmware 
NXP -> Vybrid mvf60ns151cmk50 firmware 

 References:
http://www.securityfocus.com/bid/99966
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
Copyright 2024, cxsecurity.com

 

Back to Top