CVE-2022-45163

CVSS V2 None CVSS V3 None
Description
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
Overview
  • CVE ID
  • CVE-2022-45163
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-18T23:15:29
  • Last Modified Date
  • 2022-11-28T15:21:56
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:nxp:i.mx_6_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_6ulz_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_7dual:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_7solo:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_7ulp_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_7ulp:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_8m_mini_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_8m_mini:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_8m_quad_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_8m_quad:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_8m_vybrid_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_8m_vybrid:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_rt1010_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_rt1010:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_rt1015_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_rt1015:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_rt1020_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_rt1020:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_rt1050_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_rt1050:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:nxp:i.mx_rt1060_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nxp:i.mx_rt1060:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://nxp.com Product
https://research.nccgroup.com/2022/11/17/cve-2022-45163/ Exploit Technical Description Third Party Advisory
https://research.nccgroup.com/category/technical-advisory/ Exploit Technical Description Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-11-19 00:00:09 Added to TrackCVE
2022-12-07 17:55:13 2022-11-18T23:15Z 2022-11-18T23:15:29 CVE Published Date updated
2022-12-07 17:55:13 2022-11-28T15:21:56 CVE Modified Date updated
2022-12-07 17:55:13 Analyzed Vulnerability Status updated
2022-12-07 17:55:13 CWE-203 Weakness Enumeration new
2022-12-07 17:55:15 CPE Information updated
2022-12-07 17:55:16 References updated