CVE-2019-14239

Published Sep 24, 2019

Last updated 5 years ago

CVSS medium 6.6

Overview

Description: On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.6
Impact score: 5.9
Exploitability score: 0.7
Vector string: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nxp:kinetis_kv1x_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E716AAD-1972-47B0-9BB6-21911240F91B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nxp:kinetis_kv1x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8060833B-C771-410B-BD4B-F785B7AC34D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nxp:kinetis_kv3x_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39193E67-7CC2-4E7E-A691-714E75B5461E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nxp:kinetis_kv3x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC3C0365-FF46-4C46-9434-74C9D23E0BAF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nxp:kinetis_k8x_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3132E2E-0BAC-40AD-9A29-6CB4C599858E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nxp:kinetis_k8x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F0CD947-8DFD-4E18-BCCE-5F9EC96BEAF9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References