A vulnerability (CVE-2022-22819) has been identified on select NXP processors: a malformed SB2 file header sent to the device as part of an update or recovery boot can cause a buffer overflow. The buffer overflow can then be used to launch various exploits.
Refer to the attached bulletin for more information.
09/26/2022 - Bulletin updated to include fix datecode information.
11/01/2022 - Bulletin updated with clarification that mixed datecodes are RT600 only.