CWE
203
Advisory Published
Updated

CVE-2022-45163

First published: Fri Nov 18 2022(Updated: )

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Nxp I.mx 6 Firmware
Nxp I.mx 6
Nxp I.mx 6dual Firmware
Nxp I.mx 6dual
Nxp I.mx 6duallite Firmware
Nxp I.mx 6duallite
Nxp I.mx 6dualplus Firmware
Nxp I.mx 6dualplus
Nxp I.mx 6quad Firmware
Nxp I.mx 6quad
Nxp I.mx 6quadplus Firmware
Nxp I.mx 6quadplus
Nxp I.mx 6solo Firmware
Nxp I.mx 6solo
Nxp I.mx 6sololite Firmware
Nxp I.mx 6sololite
Nxp I.mx 6solox Firmware
Nxp I.mx 6solox
Nxp I.mx 6ull Firmware
Nxp I.mx 6ull
Nxp I.mx 6ultralite Firmware
Nxp I.mx 6ultralite
Nxp I.mx 6ulz Firmware
Nxp I.mx 6ulz
Nxp I.mx 7dual Firmware
Nxp I.mx 7dual
Nxp I.mx 7solo Firmware
Nxp I.mx 7solo
Nxp I.mx 7ulp Firmware
Nxp I.mx 7ulp
Nxp I.mx 8m Mini Firmware
Nxp I.mx 8m Mini
Nxp I.mx 8m Quad Firmware
Nxp I.mx 8m Quad
Nxp I.mx 8m Vybrid Firmware
Nxp I.mx 8m Vybrid
Nxp I.mx Rt1010 Firmware
Nxp I.mx Rt1010
Nxp I.mx Rt1015 Firmware
Nxp I.mx Rt1015
Nxp I.mx Rt1020 Firmware
Nxp I.mx Rt1020
Nxp I.mx Rt1050 Firmware
Nxp I.mx Rt1050
Nxp I.mx Rt1060 Firmware
Nxp I.mx Rt1060
All of
Nxp I.mx 6 Firmware
Nxp I.mx 6
All of
Nxp I.mx 6dual Firmware
Nxp I.mx 6dual
All of
Nxp I.mx 6duallite Firmware
Nxp I.mx 6duallite
All of
Nxp I.mx 6dualplus Firmware
Nxp I.mx 6dualplus
All of
Nxp I.mx 6quad Firmware
Nxp I.mx 6quad
All of
Nxp I.mx 6quadplus Firmware
Nxp I.mx 6quadplus
All of
Nxp I.mx 6solo Firmware
Nxp I.mx 6solo
All of
Nxp I.mx 6sololite Firmware
Nxp I.mx 6sololite
All of
Nxp I.mx 6solox Firmware
Nxp I.mx 6solox
All of
Nxp I.mx 6ull Firmware
Nxp I.mx 6ull
All of
Nxp I.mx 6ultralite Firmware
Nxp I.mx 6ultralite
All of
Nxp I.mx 6ulz Firmware
Nxp I.mx 6ulz
All of
Nxp I.mx 7dual Firmware
Nxp I.mx 7dual
All of
Nxp I.mx 7solo Firmware
Nxp I.mx 7solo
All of
Nxp I.mx 7ulp Firmware
Nxp I.mx 7ulp
All of
Nxp I.mx 8m Mini Firmware
Nxp I.mx 8m Mini
All of
Nxp I.mx 8m Quad Firmware
Nxp I.mx 8m Quad
All of
Nxp I.mx 8m Vybrid Firmware
Nxp I.mx 8m Vybrid
All of
Nxp I.mx Rt1010 Firmware
Nxp I.mx Rt1010
All of
Nxp I.mx Rt1015 Firmware
Nxp I.mx Rt1015
All of
Nxp I.mx Rt1020 Firmware
Nxp I.mx Rt1020
All of
Nxp I.mx Rt1050 Firmware
Nxp I.mx Rt1050
All of
Nxp I.mx Rt1060 Firmware
Nxp I.mx Rt1060

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-45163?

    CVE-2022-45163 is an information-disclosure vulnerability that exists on select NXP devices when configured in Serial Download Protocol (SDP) mode.

  • Which NXP devices are affected by CVE-2022-45163?

    The following NXP devices are affected by CVE-2022-45163: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid.

  • What is the severity of CVE-2022-45163?

    The severity of CVE-2022-45163 is medium, with a severity value of 4.6.

  • How can I fix CVE-2022-45163?

    To fix CVE-2022-45163, apply the necessary patches or updates provided by NXP for your specific device.

  • Where can I find more information about CVE-2022-45163?

    You can find more information about CVE-2022-45163 on the NXP website and the NCC Group technical advisory.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203