CVE-2021-31532

Name: CVE-2021-31532
Creator: NVD / NIST
Published: 2021-05-06T13:15:12.667+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.8/10EPSS 0.45%

Last modified Jun 17, 2026

CVE-2021-31532 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.45%

36.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Nxp	Lpc55s69jbd100 Firmware	All versions
Nxp	Lpc55s66jbd100 Firmware	All versions
Nxp	Lpc55s69jev98 Firmware	All versions
Nxp	Lpcs66jev98 Firmware	All versions
Nxp	Lpc55s69jbd64 Firmware	All versions
Nxp	Lpcs66jbd64 Firmware	All versions
Nxp	I.Mx Rt500 Firmware	All versions
Nxp	I.Mx Rt600 Firmware	All versions
Nxp	Lpc55s28 Firmware	All versions
Nxp	Lpc55s26 Firmware	All versions
Nxp	Lpc5528 Firmware	All versions
Nxp	Lpc5526 Firmware	All versions
Nxp	Lpc55s16jbd100 Firmware	All versions
Nxp	Lpc55s16jev98 Firmware	All versions
Nxp	Lpc55s16jbd64 Firmware	All versions
Nxp	Lpc55s14jbd100 Firmware	All versions
Nxp	Lpc55s14jbd64 Firmware	All versions
Nxp	Lpc5516jbd100 Firmware	All versions
Nxp	Lpc5516jev98 Firmware	All versions
Nxp	Lpc5516jbd64 Firmware	All versions
Nxp	Lpc5514jbd100 Firmware	All versions
Nxp	Lpc5514jbd64 Firmware	All versions
Nxp	Lpc5512jbd100 Firmware	All versions
Nxp	Lpc5512jbd64 Firmware	All versions

References

https://oxide.computer/blog/lpc55/Exploit, Third Party Advisory
https://www.nxp.comVendor Advisory
https://oxide.computer/blog/lpc55/Exploit, Third Party Advisory
https://www.nxp.comVendor Advisory

Timeline

Published: May 6, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-31532?

How severe is CVE-2021-31532?

CVE-2021-31532 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.

How do I fix CVE-2021-31532?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-31532?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST