Nxp Mcuxpresso Software Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Nxp Mcuxpresso Software Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-17519 — CVSS 8.8 (high): The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload…
CVE-2021-38258 — CVSS 7.8 (high): NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38260 — CVSS 7.8 (high): NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-27421 — CVSS 7.3 (high): NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory…
CVE-2019-17060 — CVSS 6.5 (medium): The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1…