CVE-2023-39902

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 17, 2023
Updated: Oct 24, 2023
CWE ID 281

Summary

CVE-2023-39902 is a newly discovered vulnerability affecting select NXP i.MX 8M family processors that use the U-Boot Secondary Program Loader (SPL) before version 2023.07. A maliciously crafted Flattened Image Tree (FIT) format structure enables unauthenticated software to overwrite SPL memory. As a result, attackers can escalate privileges and execute unauthorized code on the target system. The vulnerability impacts i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus processors.
