Vulnerability CVE-2017-7936


Published: 2017-08-07

Description:
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.

Vendor: NXP
Product: Vybrid mvf51ns151cmk50 firmware 
Product: I.mx 6dualplus firmware 
Product: Vybrid mvf50ns151cmk40 firmware 
Product: Vybrid mvf60nn151cmk40 firmware 
Product: Vybrid mvf30nn151cku26 firmware 
Product: I.mx 6solo firmware 
Product: I.mx 6ultralite firmware 
Product: Vybrid mvf61ns151cmk50 firmware 
Product: I.mx 6ull firmware 
Product: Vybrid mvf60ns151cmk50 firmware 
Product: I.mx 6solox firmware 
Product: Vybrid mvf50ns151cmk50 firmware 
Product: I.mx 6dual firmware 
Product: Vybrid mvf51nn151cmk50 firmware 
Product: Vybrid mvf60nn151cmk50 firmware 
Product: Vybrid mvf61nn151cmk50 firmware 
Product: I.mx 6sololite firmware 
Product: Vybrid mvf50nn151cmk40 firmware 
Product: Vybrid mvf50nn151cmk50 firmware 
Product: I.mx 50 firmware 
Product: Vybrid mvf60ns151cmk40 firmware 
Product: I.mx 6quadplus firmware 
Product: I.mx 6duallite firmware 
Product: I.mx 53 firmware 
Product: Vybrid mvf62nn151cmk40 firmware 
Product: I.mx 6quad firmware 
Product: Vybrid mvf30ns151cku26 firmware 

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/99966
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02

Copyright 2019, cxsecurity.com

 

Back to Top