The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property(IP),as well as the management of access rights for such IP.
The methods are flawed and,in the most egregious cases,enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key,among other impacts.
The NXP Semiconductors MQX RTOS prior to version 5.1 contains a buffer overflow in the DHCP client,which may lead to memory corruption allowing an attacker to execute arbitrary code,as well as an out of bounds read in the DNS client which may lead to a denial of service.
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.
For devices utilizing this environment encryption mode,U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.