LPC55Sxx SB2 loader vulnerability


A vulnerability (CVE-2022-22819) has been identified on select NXP processors by which a malformed SB2 file header sent to the device as part of an update or recovery boot can be used to create a buffer overflow. The buffer overflow can then be used to launch various exploits.

Refer to the attached bulletin for more information.

 

09/26/2022 - Bulletin updated to include fix datecode information.

11/01/2022 - Bulletin updated with clarification that mixed datecodes are RT600 only.

 

 

Last update: 11-01-2022 12:55 PM