CVE-2022-22819

7.8 HIGH

📋 TL;DR

A buffer overflow in the boot ROM's SB2 update parser on the affected NXP LPC55S6x microcontrollers (ROM version 1B) lets an attacker who can get the ROM to load a crafted SB2 update gain non-persistent arbitrary code execution. The parser acts on attacker-controlled fields of the image before the image's signature is checked, so the update does not need to be validly signed. Delivering the image requires physical access to the device's update interfaces or control of whatever path feeds updates to it.
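Added example, not NXP's ROM code and not the real SB2 layout: a made-up, simplified update container (magic, payload length, payload, tag) parsed two ways, to show the parse-before-verify ordering described above and the corrected ordering that the mitigated case relies on. The field sizes, the magic value, the 64-byte staging buffer and the toy keyed checksum that stands in for the real signature check are all assumptions of this example.

```c
/* Added example (not NXP ROM code): the parse-before-verify pattern behind
 * CVE-2022-22819, shown on a made-up, simplified update container.
 * Layout (all little-endian): magic(4) | payload_len(4) | payload | tag(4)
 * The real SB2 format, the ROM's buffers and its signature scheme differ;
 * only the ordering mistake and its fix are the point here. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HDR_SIZE  8u
#define TAG_SIZE  4u
#define BUF_SIZE  64u
#define MAGIC     0x32425355u   /* "USB2", made up for this example */
#define TOY_KEY   0x5A17C0DEu   /* made up, stands in for the signing key */

enum { UPD_OK = 0, UPD_ERR_SHORT = 1, UPD_ERR_LEN = 2, UPD_ERR_AUTH = 3 };

/* Loader state: the staging buffer is followed in memory by a control
 * field, the way a stack buffer is followed by saved state. */
struct stage_ctx {
    uint8_t  buf[BUF_SIZE];
    uint32_t next_stage;      /* e.g. the address the loader jumps to next */
};

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Toy keyed checksum standing in for the real signature/MAC check.
 * NOT cryptographic; the real ROM verifies actual signatures. */
static uint32_t toy_tag(const uint8_t *data, size_t len) {
    uint32_t h = 0x811c9dc5u ^ TOY_KEY;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 0x01000193u; }
    return h;
}

/* VULNERABLE: trusts payload_len from the unauthenticated header and copies
 * before the tag is checked. With payload_len > BUF_SIZE the copy runs past
 * buf into next_stage. (The demo keeps the copy inside the struct so the
 * program stays well-defined; real hardware has no such limit.) */
int parse_vulnerable(const uint8_t *img, size_t img_len, struct stage_ctx *ctx) {
    if (img_len < HDR_SIZE + TAG_SIZE || rd32le(img) != MAGIC) return UPD_ERR_SHORT;
    uint32_t payload_len = rd32le(img + 4);
    uint8_t *dst = (uint8_t *)ctx;                      /* no bounds check */
    for (uint32_t i = 0; i < payload_len; i++) dst[i] = img[HDR_SIZE + i];
    /* Signature check comes too late: memory is already corrupted. */
    if (rd32le(img + HDR_SIZE + payload_len) != toy_tag(img, HDR_SIZE + payload_len))
        return UPD_ERR_AUTH;
    return UPD_OK;
}

/* HARDENED: bound every attacker-supplied field against the image and the
 * buffer, authenticate header+payload, and only then act on the contents. */
int parse_hardened(const uint8_t *img, size_t img_len, struct stage_ctx *ctx) {
    if (img_len < HDR_SIZE + TAG_SIZE || rd32le(img) != MAGIC) return UPD_ERR_SHORT;
    uint32_t payload_len = rd32le(img + 4);
    if (payload_len > BUF_SIZE || (size_t)payload_len != img_len - HDR_SIZE - TAG_SIZE)
        return UPD_ERR_LEN;
    /* Real code: constant-time compare against a real signature/MAC. */
    if (rd32le(img + HDR_SIZE + payload_len) != toy_tag(img, HDR_SIZE + payload_len))
        return UPD_ERR_AUTH;
    memcpy(ctx->buf, img + HDR_SIZE, payload_len);
    return UPD_OK;
}

/* Builds an image; forge=1 writes a bogus tag (an "unsigned" update). */
size_t build_image(uint8_t *out, const uint8_t *payload, uint32_t payload_len, int forge) {
    wr32le(out, MAGIC);
    wr32le(out + 4, payload_len);
    memcpy(out + HDR_SIZE, payload, payload_len);
    uint32_t tag = forge ? 0xDEADBEEFu : toy_tag(out, HDR_SIZE + payload_len);
    wr32le(out + HDR_SIZE + payload_len, tag);
    return HDR_SIZE + payload_len + TAG_SIZE;
}

/* Constructed crafted update: 68 payload bytes, the last 4 chosen to land on
 * next_stage. Returns next_stage after the vulnerable parse. */
uint32_t run_vulnerable(void) {
    uint8_t payload[BUF_SIZE + 4], img[128];
    memset(payload, 'A', BUF_SIZE);
    wr32le(payload + BUF_SIZE, 0x20001000u);           /* attacker-chosen value */
    size_t n = build_image(img, payload, sizeof payload, 1);
    struct stage_ctx ctx = { {0}, 0 };
    int rc = parse_vulnerable(img, n, &ctx);           /* returns UPD_ERR_AUTH... */
    (void)rc;                                          /* ...but next_stage is gone */
    return ctx.next_stage;                             /* 0x20001000 on little-endian */
}

/* Same crafted/forged/valid images against the hardened path; returns its verdict. */
int run_hardened(uint32_t payload_len, int forge) {
    uint8_t payload[BUF_SIZE + 4], img[128];
    memset(payload, 'A', sizeof payload);
    size_t n = build_image(img, payload, payload_len, forge);
    struct stage_ctx ctx = { {0}, 0 };
    return parse_hardened(img, n, &ctx);
}

int main(void) {
    printf("vulnerable: next_stage = 0x%08x\n", run_vulnerable());
    printf("hardened, oversize:     rc=%d\n", run_hardened(BUF_SIZE + 4, 1));
    printf("hardened, forged tag:   rc=%d\n", run_hardened(32, 1));
    printf("hardened, valid:        rc=%d\n", run_hardened(32, 0));
    return 0;
}
```

Build with any C compiler (for example `cc -o sb_demo sb_demo.c && ./sb_demo`). Note the order in the hardened parser: the length field must be bounded before the signature can even be located, because the tag's offset depends on that attacker-controlled length. "Verify before parse" in practice means "bound the fields needed to find the signature, verify, and only then act on the content", which is exactly the step the vulnerable parser skips.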

💻 Affected Systems

Products:
  • NXP LPC55S66JBD64
  • NXP LPC55S66JBD100
  • NXP LPC55S66JEV98
  • NXP LPC55S69JBD64
  • NXP LPC55S69JBD100
  • NXP LPC55S69JEV98
Versions: ROM version 1B
Operating Systems: Embedded systems using these microcontrollers
Default Config Vulnerable: ⚠️ Yes
Notes: Only ROM version 1B is listed as affected. The ROM is mask ROM tied to the part's silicon revision and cannot be updated in the field, so a device's ROM version is fixed for the life of the part.

📦 What is this software?

The NXP LPC55S6x family consists of Arm Cortex-M33 microcontrollers with a boot ROM fixed in silicon. That ROM includes a bootloader that accepts firmware updates in NXP's SB2 (Secure Binary) container format, either over the in-system programming (ISP) interfaces or when invoked by application code. SB2 images carry authenticated, encrypted boot commands and data, and the ROM is expected to authenticate an image before acting on its contents.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution in the boot ROM's context. The reported result is non-persistent (it does not survive a reset on its own), but code running at that point can potentially rewrite firmware in flash, read out secrets, or brick the device.

🟠 Likely Case

Transient code execution during the update process, used to escalate privilege or bypass the boot-time security controls the ROM is supposed to enforce. The attacker still needs physical access to the device or control of whatever path delivers SB2 updates to it.

🟢 If Mitigated

No impact if the ROM's SB2 loader is never exposed to untrusted images: the update path is locked down (or ISP mode is disabled), and any SB2 image is authenticated by code outside the ROM before the ROM is handed it. The ROM's own signature check cannot be relied on for this, because the overflow occurs before that check runs.

🌐 Internet-Facing: LOW - The ROM's update path is not directly reachable over a network; the attacker needs physical access to an ISP or debug interface, or control of the mechanism that delivers update images to the device.
🏢 Internal Only: MEDIUM - Exploitable by malicious insiders with hands-on access, or through supply-chain tampering (for example a crafted update image introduced into provisioning or manufacturing).

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious SB2 image and getting the ROM to load it (over the ISP interface, or through application code that passes images to the ROM's SB2 loader). No signing key is needed: the overflow is triggered by fields the ROM parses before it checks the signature, so the image can be entirely unsigned.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available as a software update. The ROM is mask ROM, fixed at manufacture, and cannot be reflashed in the field; the only fix is a part whose silicon revision carries a corrected ROM. Confirm with NXP which revisions, if any, are fixed.

Vendor Advisory: https://www.nxp.com (no advisory-specific URL is given on this page; search NXP's security bulletins for CVE-2022-22819)

Restart Required: Not applicable (the fix is a hardware replacement, not a software update)

Instructions:

  1. Contact NXP to identify a silicon revision with a corrected ROM.
  2. Replace affected ROM version 1B parts with parts of that revision (a board rework or a new production run; the ROM cannot be updated in place).
  3. Confirm the ROM/silicon revision on the replacement parts (see How to Verify).
  4. Re-test boot, update and provisioning flows on the new parts.

🔧 Temporary Workarounds

Lock down the update path

Applies to: all affected parts

If the product does not need the ROM's ISP update mode, disable ISP entry in the device's protected boot configuration (CMPA) so the ROM never ingests an SB2 image from an external interface. If the application uses the ROM's in-application SB2 loader, authenticate and bounds-check the image in application code before passing it to the ROM; the ROM's own signature check runs too late to prevent the overflow.

The exact configuration fields are device-specific; consult the LPC55S6x user manual.

Physical access controls

Applies to: all affected parts

Restrict physical access to the devices and to their debug and ISP interfaces (UART, SPI, I2C and USB), since these are the paths by which a crafted image reaches the ROM.

🧯 If You Can't Patch

  • Never let the ROM's SB2 loader see an image that has not already been authenticated by code outside the ROM; its own signature check does not protect against this bug
  • Disable ISP mode in the boot configuration where it is not needed, and enforce strict physical security around devices and their debug/ISP interfaces
  • Treat any device known to have processed an untrusted SB2 image as potentially compromised, since code execution in the ROM can be used to modify flash

🔍 How to Verify

Check if Vulnerable:

Determine the ROM (silicon) revision of each part. ROM version 1B on any of the listed part numbers means the device is vulnerable; the ROM cannot have been patched in the field.

Check Version:

Read the revision ID with a debug probe (the die/revision ID register documented in the SYSCON chapter of the LPC55S6x user manual), or over the ISP interface with NXP's blhost tool (get-property for the bootloader version). Consult NXP documentation for how the reported value maps to ROM version 1B.

Verify Fix Applied:

Confirm that the installed part reports a silicon revision NXP identifies as carrying the corrected ROM. Do not treat "unsigned updates are rejected" as evidence of a fix: a vulnerable ROM also rejects an unsigned image, but only after the overflow has already occurred.

📡 Detection & Monitoring

Log Indicators:

The ROM itself produces no logs, so detection relies on the host side of the update path and on access controls around the device:
  • Failed or repeated SB2 update attempts reported by the update/provisioning tooling (for example blhost or in-house flashing scripts)
  • Update sessions from unexpected hosts, times or operators
  • Debug-probe or ISP-interface access outside scheduled maintenance or manufacturing windows

Network Indicators:

  • SB2 image files transferred to update hosts or devices outside the normal release process
  • Update images whose hash does not match a released, signed build

SIEM Query:

Search provisioning/update-host logs for failed update sessions (for example 'update failed', 'signature' or 'authentication' errors reported by the update tool), and cross-reference the asset inventory for boards populated with ROM version 1B parts.
