USB ISP Mode Vulnerability

cancel
Showing results for 
Search instead for 
Did you mean: 

USB ISP Mode Vulnerability

No ratings

USB ISP Mode Vulnerability

Summary

A software vulnerability CVE-2021-40154 has been identified in the USB enumeration packet handler, which could leak memory contents if a malformed enumeration request packet is sent to the device. This may occur if the device is configured in the in-system programming (ISP) or serial downloader protocol (SDP) mode or if unpatched USB example code is used in an application.

 

Mitigations

Mitigations have been applied to:

  • The boot ROM in the latest silicon revisions of i.MX RT 500 and 600 and LPC55XX parts
  • USB examples in the MCUXpresso SDK 2.10 release and later

For other devices, the ISP/SDP mode and/or the USB communication mode can be disabled.

 

Affected product list:

               

NXP Device     Impacted Silicon Revisions
LPC55S6x, LPC55S2x, LPC552x                      0A, 1B
LPC55S1x, LPC551x    0A
i.MX RT600                                       A0, B0
i.MX RT500                                        B1, B2

i.MX RT1010/20/50/60

i.MX RT1160/70

All

K8x/KL8x

K27/K28

K32L3/ K32W032 / K32LA/K32LB 

KL27/KL28/KL43                                   

All

 

The vulnerability also affects all MCUXpresso SDK USB device stack examples prior to 2.10.x release. If the NXP device does not support USB or does not utilize the USB example code prior to version 2.10.x  in the application, then those would not be impacted.

Additional Information

Security bulletins with more details are available. For additional questions or support please contact your local NXP representative or submit a ticket at https://support.nxp.com/

Acknowledgments

NXP PSIRT would also like to thank Sulthan Alaudeen Noor Mohamed from Digital14 – xen1thLabs, Hardware Labs for the responsible disclosure.

_____________________________________________________________________________

Please note this information is preliminary and subject to change. To the best of NXP's knowledge, the information contained herein is accurate and reliable as of the date of publication; however, NXP does not assume any liability for the accuracy and completeness of the information.

 

Information in this document is provided solely to enable system and software implementers to use NXP products. There are no express or implied copyright licenses granted hereunder to design or fabricate any integrated circuits based on the information in this document. NXP reserves the right to make changes without further notice to any products herein. NXP makes no warranty, representation, or guarantee regarding the suitability of its products for any particular purpose, nor does NXP assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation consequential or incidental damages. “Typical” parameters that may be provided in NXP data sheets and/or specifications can and do vary in different applications, and actual performance may vary over time. All operating parameters, including “typicals,” must be validated for each customer application by customerʼs technical experts. NXP does not convey any license under its patent rights nor the rights of others. NXP sells products pursuant to standard terms and conditions of sale, which can be found at the following address: nxp.com/SalesTermsandConditions.

While NXP has implemented advanced security features, all products may be subject to unidentified vulnerabilities. Customers are responsible for the design and operation of their applications and products to reduce the effect of these vulnerabilities on customer's applications and products, and NXP accepts no liability for any vulnerability that is discovered. Customers should implement appropriate design and operating safeguards to minimize the risks associated with their applications and products.

Labels (1)
Version history
Revision #:
4 of 4
Last update:
‎12-02-2021 02:11 PM
Updated by: