CVE-2021-31532

moderate-risk
Published 2021-05-06

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

Do I need to act?

0.14% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium
PHYSICAL / LOW complexity

Affected Products (20)

Lpc55S69Jbd100 Firmware
Lpc55S66Jbd100 Firmware
Lpc55S69Jev98 Firmware
Lpcs66Jev98 Firmware
Lpc55S69Jbd64 Firmware
Lpcs66Jbd64 Firmware
I.Mx Rt500 Firmware
I.Mx Rt600 Firmware
Lpc55S28 Firmware
Lpc55S26 Firmware
Lpc5528 Firmware
Lpc5526 Firmware
Lpc55S16Jbd100 Firmware
Lpc55S16Jev98 Firmware
Lpc55S16Jbd64 Firmware
Lpc55S14Jbd100 Firmware
Lpc55S14Jbd64 Firmware
Lpc5516Jbd100 Firmware
Lpc5516Jev98 Firmware
Lpc5516Jbd64 Firmware

Affected Vendors

NXP

44 / 100
moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 21/34 · High