CVE-2022-45163
Description
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
CVSS Details
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Weaknesses 1
Affected Products 46
| Vendor | Product | Version | Range |
|---|---|---|---|
| nxp | i.mx_6_firmware | * | any |
| nxp | i.mx_6 | * | any |
| nxp | i.mx_6dual_firmware | * | any |
| nxp | i.mx_6dual | * | any |
| nxp | i.mx_6duallite_firmware | * | any |
| nxp | i.mx_6duallite | * | any |
| nxp | i.mx_6dualplus_firmware | * | any |
| nxp | i.mx_6dualplus | * | any |
| nxp | i.mx_6quad_firmware | * | any |
| nxp | i.mx_6quad | * | any |
| nxp | i.mx_6quadplus_firmware | * | any |
| nxp | i.mx_6quadplus | * | any |
| nxp | i.mx_6solo_firmware | * | any |
| nxp | i.mx_6solo | * | any |
| nxp | i.mx_6sololite_firmware | * | any |
| nxp | i.mx_6sololite | * | any |
| nxp | i.mx_6solox_firmware | * | any |
| nxp | i.mx_6solox | * | any |
| nxp | i.mx_6ull_firmware | * | any |
| nxp | i.mx_6ull | * | any |
| nxp | i.mx_6ultralite_firmware | * | any |
| nxp | i.mx_6ultralite | * | any |
| nxp | i.mx_6ulz_firmware | * | any |
| nxp | i.mx_6ulz | * | any |
| nxp | i.mx_7dual_firmware | * | any |
| nxp | i.mx_7dual | * | any |
| nxp | i.mx_7solo_firmware | * | any |
| nxp | i.mx_7solo | * | any |
| nxp | i.mx_7ulp_firmware | * | any |
| nxp | i.mx_7ulp | * | any |
| nxp | i.mx_8m_mini_firmware | * | any |
| nxp | i.mx_8m_mini | * | any |
| nxp | i.mx_8m_quad_firmware | * | any |
| nxp | i.mx_8m_quad | * | any |
| nxp | i.mx_8m_vybrid_firmware | * | any |
| nxp | i.mx_8m_vybrid | * | any |
| nxp | i.mx_rt1010_firmware | * | any |
| nxp | i.mx_rt1010 | * | any |
| nxp | i.mx_rt1015_firmware | * | any |
| nxp | i.mx_rt1015 | * | any |
| nxp | i.mx_rt1020_firmware | * | any |
| nxp | i.mx_rt1020 | * | any |
| nxp | i.mx_rt1050_firmware | * | any |
| nxp | i.mx_rt1050 | * | any |
| nxp | i.mx_rt1060_firmware | * | any |
| nxp | i.mx_rt1060 | * | any |
References 3
- nxp.com https://nxp.com
- research.nccgroup.com https://research.nccgroup.com/2022/11/17/cve-2022-45163/
- research.nccgroup.com https://research.nccgroup.com/category/technical-advisory/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.