CVE-2022-45163
Severity Score
4.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
Existe una vulnerabilidad de divulgación de información en dispositivos NXP seleccionados cuando se configuran en modo Serial Download Protocol (SDP):i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, y Vybrid. En una configuración habilitada para la seguridad del dispositivo, el contenido de la memoria podría potencialmente filtrarse a atacantes físicamente próximos a través del puerto SDP respectivo en ataques de arranque en frío y en caliente. (La mitigación recomendada es desactivar completamente el modo SDP programando un eFUSE programable por única vez. Los clientes pueden comunicarse con NXP para obtener información adicional).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-11-11 CVE Reserved
- 2022-11-18 CVE Published
- 2024-06-10 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://nxp.com | Product |
| URL | Date | SRC |
|---|---|---|
| https://research.nccgroup.com/2022/11/17/cve-2022-45163 | 2024-08-03 | |
| https://research.nccgroup.com/category/technical-advisory | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nxp Search vendor "Nxp" | I.mx 6 Firmware Search vendor "Nxp" for product "I.mx 6 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6 Search vendor "Nxp" for product "I.mx 6" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6dual Firmware Search vendor "Nxp" for product "I.mx 6dual Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6dual Search vendor "Nxp" for product "I.mx 6dual" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6duallite Firmware Search vendor "Nxp" for product "I.mx 6duallite Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6duallite Search vendor "Nxp" for product "I.mx 6duallite" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6dualplus Firmware Search vendor "Nxp" for product "I.mx 6dualplus Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6dualplus Search vendor "Nxp" for product "I.mx 6dualplus" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6quad Firmware Search vendor "Nxp" for product "I.mx 6quad Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6quad Search vendor "Nxp" for product "I.mx 6quad" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6quadplus Firmware Search vendor "Nxp" for product "I.mx 6quadplus Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6quadplus Search vendor "Nxp" for product "I.mx 6quadplus" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6solo Firmware Search vendor "Nxp" for product "I.mx 6solo Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6solo Search vendor "Nxp" for product "I.mx 6solo" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6sololite Firmware Search vendor "Nxp" for product "I.mx 6sololite Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6sololite Search vendor "Nxp" for product "I.mx 6sololite" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6solox Firmware Search vendor "Nxp" for product "I.mx 6solox Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6solox Search vendor "Nxp" for product "I.mx 6solox" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6ull Firmware Search vendor "Nxp" for product "I.mx 6ull Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6ull Search vendor "Nxp" for product "I.mx 6ull" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6ultralite Firmware Search vendor "Nxp" for product "I.mx 6ultralite Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6ultralite Search vendor "Nxp" for product "I.mx 6ultralite" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6ulz Firmware Search vendor "Nxp" for product "I.mx 6ulz Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6ulz Search vendor "Nxp" for product "I.mx 6ulz" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 7dual Firmware Search vendor "Nxp" for product "I.mx 7dual Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 7dual Search vendor "Nxp" for product "I.mx 7dual" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 7solo Firmware Search vendor "Nxp" for product "I.mx 7solo Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 7solo Search vendor "Nxp" for product "I.mx 7solo" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 7ulp Firmware Search vendor "Nxp" for product "I.mx 7ulp Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 7ulp Search vendor "Nxp" for product "I.mx 7ulp" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 8m Mini Firmware Search vendor "Nxp" for product "I.mx 8m Mini Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 8m Mini Search vendor "Nxp" for product "I.mx 8m Mini" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 8m Quad Firmware Search vendor "Nxp" for product "I.mx 8m Quad Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 8m Quad Search vendor "Nxp" for product "I.mx 8m Quad" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 8m Vybrid Firmware Search vendor "Nxp" for product "I.mx 8m Vybrid Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 8m Vybrid Search vendor "Nxp" for product "I.mx 8m Vybrid" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx Rt1010 Firmware Search vendor "Nxp" for product "I.mx Rt1010 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx Rt1010 Search vendor "Nxp" for product "I.mx Rt1010" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx Rt1015 Firmware Search vendor "Nxp" for product "I.mx Rt1015 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx Rt1015 Search vendor "Nxp" for product "I.mx Rt1015" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx Rt1020 Firmware Search vendor "Nxp" for product "I.mx Rt1020 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx Rt1020 Search vendor "Nxp" for product "I.mx Rt1020" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx Rt1050 Firmware Search vendor "Nxp" for product "I.mx Rt1050 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx Rt1050 Search vendor "Nxp" for product "I.mx Rt1050" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx Rt1060 Firmware Search vendor "Nxp" for product "I.mx Rt1060 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx Rt1060 Search vendor "Nxp" for product "I.mx Rt1060" | - | - |
Safe
|