First published: Fri Nov 18 2022(Updated: )
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nxp I.mx 6 Firmware | ||
Nxp I.mx 6 | ||
Nxp I.mx 6dual Firmware | ||
Nxp I.mx 6dual | ||
Nxp I.mx 6duallite Firmware | ||
Nxp I.mx 6duallite | ||
Nxp I.mx 6dualplus Firmware | ||
Nxp I.mx 6dualplus | ||
Nxp I.mx 6quad Firmware | ||
Nxp I.mx 6quad | ||
Nxp I.mx 6quadplus Firmware | ||
Nxp I.mx 6quadplus | ||
Nxp I.mx 6solo Firmware | ||
Nxp I.mx 6solo | ||
Nxp I.mx 6sololite Firmware | ||
Nxp I.mx 6sololite | ||
Nxp I.mx 6solox Firmware | ||
Nxp I.mx 6solox | ||
Nxp I.mx 6ull Firmware | ||
Nxp I.mx 6ull | ||
Nxp I.mx 6ultralite Firmware | ||
Nxp I.mx 6ultralite | ||
Nxp I.mx 6ulz Firmware | ||
Nxp I.mx 6ulz | ||
Nxp I.mx 7dual Firmware | ||
Nxp I.mx 7dual | ||
Nxp I.mx 7solo Firmware | ||
Nxp I.mx 7solo | ||
Nxp I.mx 7ulp Firmware | ||
Nxp I.mx 7ulp | ||
Nxp I.mx 8m Mini Firmware | ||
Nxp I.mx 8m Mini | ||
Nxp I.mx 8m Quad Firmware | ||
Nxp I.mx 8m Quad | ||
Nxp I.mx 8m Vybrid Firmware | ||
Nxp I.mx 8m Vybrid | ||
Nxp I.mx Rt1010 Firmware | ||
Nxp I.mx Rt1010 | ||
Nxp I.mx Rt1015 Firmware | ||
Nxp I.mx Rt1015 | ||
Nxp I.mx Rt1020 Firmware | ||
Nxp I.mx Rt1020 | ||
Nxp I.mx Rt1050 Firmware | ||
Nxp I.mx Rt1050 | ||
Nxp I.mx Rt1060 Firmware | ||
Nxp I.mx Rt1060 | ||
All of | ||
Nxp I.mx 6 Firmware | ||
Nxp I.mx 6 | ||
All of | ||
Nxp I.mx 6dual Firmware | ||
Nxp I.mx 6dual | ||
All of | ||
Nxp I.mx 6duallite Firmware | ||
Nxp I.mx 6duallite | ||
All of | ||
Nxp I.mx 6dualplus Firmware | ||
Nxp I.mx 6dualplus | ||
All of | ||
Nxp I.mx 6quad Firmware | ||
Nxp I.mx 6quad | ||
All of | ||
Nxp I.mx 6quadplus Firmware | ||
Nxp I.mx 6quadplus | ||
All of | ||
Nxp I.mx 6solo Firmware | ||
Nxp I.mx 6solo | ||
All of | ||
Nxp I.mx 6sololite Firmware | ||
Nxp I.mx 6sololite | ||
All of | ||
Nxp I.mx 6solox Firmware | ||
Nxp I.mx 6solox | ||
All of | ||
Nxp I.mx 6ull Firmware | ||
Nxp I.mx 6ull | ||
All of | ||
Nxp I.mx 6ultralite Firmware | ||
Nxp I.mx 6ultralite | ||
All of | ||
Nxp I.mx 6ulz Firmware | ||
Nxp I.mx 6ulz | ||
All of | ||
Nxp I.mx 7dual Firmware | ||
Nxp I.mx 7dual | ||
All of | ||
Nxp I.mx 7solo Firmware | ||
Nxp I.mx 7solo | ||
All of | ||
Nxp I.mx 7ulp Firmware | ||
Nxp I.mx 7ulp | ||
All of | ||
Nxp I.mx 8m Mini Firmware | ||
Nxp I.mx 8m Mini | ||
All of | ||
Nxp I.mx 8m Quad Firmware | ||
Nxp I.mx 8m Quad | ||
All of | ||
Nxp I.mx 8m Vybrid Firmware | ||
Nxp I.mx 8m Vybrid | ||
All of | ||
Nxp I.mx Rt1010 Firmware | ||
Nxp I.mx Rt1010 | ||
All of | ||
Nxp I.mx Rt1015 Firmware | ||
Nxp I.mx Rt1015 | ||
All of | ||
Nxp I.mx Rt1020 Firmware | ||
Nxp I.mx Rt1020 | ||
All of | ||
Nxp I.mx Rt1050 Firmware | ||
Nxp I.mx Rt1050 | ||
All of | ||
Nxp I.mx Rt1060 Firmware | ||
Nxp I.mx Rt1060 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-45163 is an information-disclosure vulnerability that exists on select NXP devices when configured in Serial Download Protocol (SDP) mode.
The following NXP devices are affected by CVE-2022-45163: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid.
The severity of CVE-2022-45163 is medium, with a severity value of 4.6.
To fix CVE-2022-45163, apply the necessary patches or updates provided by NXP for your specific device.
You can find more information about CVE-2022-45163 on the NXP website and the NCC Group technical advisory.