CVE-2021-31532

MEDIUM
Published May 6, 20215y ago · Modified Jun 17, 20262w ago
6.8 CVSS 3.1
Medium
Find Similar
Published May 6, 2021 5y ago
Last Modified Jun 17, 2026 2w ago

Description

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

CVSS Details

Base Score
6.8
Exploitability
0.9
Impact
5.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Affected Products 60

VendorProductVersionRange
nxplpc55s69jbd100_firmware*any
nxplpc55s69jbd1000aany
nxplpc55s69jbd1001bany
nxplpc55s66jbd100_firmware*any
nxplpc55s66jbd1000aany
nxplpc55s66jbd1001bany
nxplpc55s69jev98_firmware*any
nxplpc55s69jev980aany
nxplpc55s69jev981bany
nxplpcs66jev98_firmware*any
nxplpcs66jev980aany
nxplpcs66jev981bany
nxplpc55s69jbd64_firmware*any
nxplpc55s69jbd640aany
nxplpc55s69jbd641bany
nxplpcs66jbd64_firmware*any
nxplpcs66jbd640aany
nxplpcs66jbd641bany
nxpi.mx_rt500_firmware*any
nxpi.mx_rt500b1any
nxpi.mx_rt500b2any
nxpi.mx_rt600_firmware*any
nxpi.mx_rt600a0any
nxpi.mx_rt600b0any
nxplpc55s28_firmware*any
nxplpc55s280aany
nxplpc55s281bany
nxplpc55s26_firmware*any
nxplpc55s260aany
nxplpc55s261bany
nxplpc5528_firmware*any
nxplpc55280aany
nxplpc55281bany
nxplpc5526_firmware*any
nxplpc55260aany
nxplpc55261bany
nxplpc55s16jbd100_firmware*any
nxplpc55s16jbd1000aany
nxplpc55s16jev98_firmware*any
nxplpc55s16jev980aany
nxplpc55s16jbd64_firmware*any
nxplpc55s16jbd640aany
nxplpc55s14jbd100_firmware*any
nxplpc55s14jbd1000aany
nxplpc55s14jbd64_firmware*any
nxplpc55s14jbd640aany
nxplpc5516jbd100_firmware*any
nxplpc5516jbd1000aany
nxplpc5516jev98_firmware*any
nxplpc5516jev980aany
nxplpc5516jbd64_firmware*any
nxplpc5516jbd640aany
nxplpc5514jbd100_firmware*any
nxplpc5514jbd1000aany
nxplpc5514jbd64_firmware*any
nxplpc5514jbd640aany
nxplpc5512jbd100_firmware*any
nxplpc5512jbd1000aany
nxplpc5512jbd64_firmware*any
nxplpc5512jbd640aany

References 2

  • oxide.computer https://oxide.computer/blog/lpc55/
    ExploitThird Party Advisory
  • nxp.com https://www.nxp.com
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.