Defeating Flash Access Controls (FAC) on NXP Kinetis KV1x, KV3x, and K8x Devices through CPU Register Observation and Code Execution Analysis

Defeating Flash Access Controls (FAC) on NXP Kinetis KV1x, KV3x, and K8x Devices through CPU Register Observation and Code Execution Analysis

CVE-2019-14237 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.

Learn more about our Web Application Penetration Testing UK.