CVE-2017-7936
MEDIUMNXP i.MX and Vybrid Firmware - Stack-based Buffer Overflow via SDP Download
Title source: llmDescription
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99966
Scores
CVSS v3
6.3
EPSS
0.0034
EPSS Percentile
26.3%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-121
Status
published
Products (28)
n/a/NXP i.MX Product Family
NXP i.MX Product Family
nxp/i.mx_50_firmware
nxp/i.mx_53_firmware
nxp/i.mx_6dual_firmware
nxp/i.mx_6duallite_firmware
nxp/i.mx_6dualplus_firmware
nxp/i.mx_6quad_firmware
nxp/i.mx_6quadplus_firmware
nxp/i.mx_6solo_firmware
nxp/i.mx_6sololite_firmware
... and 18 more
Published
Aug 07, 2017
Tracked Since
Feb 18, 2026