ICSA-17-152-02
·
Published 2017-07-25
·
View on CISA ICS-CERT ↗
NXP i.MX Product Family
CVSS 6.0
MEDIUM
Risk Summary
REPOSTED INFORMATION
CVEs (2)
Remediations
- Because this is a hardware vulnerability, there are no software workarounds available.
- For i.MX 6UltraLite and i.MX 6ULL devices, users are encouraged to program an eFUSE to disable the Serial Download Protocol (SDP) port to mitigate the vulnerabilities.
- NXP reports a mitigation is to prevent physical access to the respective USB OTG or UART ports used by SDP in the final customer production board design.
- NXP has confirmed that the vulnerabilities have been mitigated in new versions of silicon revisions with an updated ROM module.
- For more information NXP has released an Errata and Engineering Bulletin that can be obtained from NXP support teams.
Affected Vendors
i.MX
Affected Products (22)
i.MX
·
i.MX 50
vers:all/*
i.MX
·
i.MX 53
vers:all/*
i.MX
·
i.MX 6ULL
vers:all/*
i.MX
·
i.MX 6UltraLit
vers:all/*
i.MX
·
i.MX 6SoloLite
vers:all/*
i.MX
·
i.MX 6Solo
vers:all/*
i.MX
·
i.MX 6DualLite
vers:all/*
i.MX
·
i.MX 6SoloX
vers:all/*
i.MX
·
i.MX 6Dual
vers:all/*
i.MX
·
i.MX 6Quad
vers:all/*
i.MX
·
i.MX 6DualPlus
vers:all/*
i.MX
·
i.MX 6QuadPlus
vers:all/*
i.MX
·
Vybrid VF3xx
vers:all/*
i.MX
·
Vybrid VF5xx
vers:all/*
i.MX
·
Vybrid VF6xx
vers:all/*
i.MX
·
i.MX 28
vers:all/*
i.MX
·
.MX 7Solo
vers:all/*
i.MX
·
i.MX 7Dual
vers:all/*
i.MX
·
Vybrid VF5xx
vers:all/*
i.MX
·
Vybrid VF6xx
vers:all/*
i.MX
·
i.MX 6DualPlus
vers:all/*
i.MX
·
i.MX 6QuadPlus
vers:all/*
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more