CVE-2022-45163
MEDIUMNXP i.MX Firmware - Information Disclosure via Serial Download Protocol
Title source: llmDescription
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
References (3)
Core 3
Core References
Product
https://nxp.com
Exploit, Technical Description, Third Party Advisory
https://research.nccgroup.com/2022/11/17/cve-2022-45163/
Exploit, Technical Description, Third Party Advisory
https://research.nccgroup.com/category/technical-advisory/
Scores
CVSS v3
5.3
EPSS
0.0057
EPSS Percentile
42.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-203
Status
published
Products (23)
nxp/i.mx_6_firmware
nxp/i.mx_6dual_firmware
nxp/i.mx_6duallite_firmware
nxp/i.mx_6dualplus_firmware
nxp/i.mx_6quad_firmware
nxp/i.mx_6quadplus_firmware
nxp/i.mx_6solo_firmware
nxp/i.mx_6sololite_firmware
nxp/i.mx_6solox_firmware
nxp/i.mx_6ull_firmware
... and 13 more
Published
Nov 18, 2022
Tracked Since
Feb 18, 2026