Vulnerabilites related to nxp - i.mx_6
CVE-2022-45163 (GCVE-0-2022-45163)
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2025-04-30 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.nccgroup.com/category/technical-advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://nxp.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:38:25.052695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:38:50.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:P/A:N/C:H/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://research.nccgroup.com/category/technical-advisory/"
},
{
"url": "https://nxp.com"
},
{
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45163",
"datePublished": "2022-11-18T00:00:00.000Z",
"dateReserved": "2022-11-11T00:00:00.000Z",
"dateUpdated": "2025-04-30T14:38:50.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36133 (GCVE-0-2021-36133)
Vulnerability from cvelistv5
Published
2021-12-07 20:42
Modified
2024-08-04 00:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T20:42:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt",
"refsource": "MISC",
"url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36133",
"datePublished": "2021-12-07T20:42:31",
"dateReserved": "2021-07-02T00:00:00",
"dateUpdated": "2024-08-04T00:47:43.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-12-07 21:15
Modified
2024-11-21 06:13
Severity ?
Summary
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linaro:op-tee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8D35B9-CF81-4539-A691-DF6ABA515B92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3D9F06-FBAB-4271-81AF-D135995BC7CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB61DF-AE1E-4073-89F3-86194D2B8C82",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nxp:i.mx_7ds:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03B83613-161E-4AF4-B828-17821B868138",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nxp:i.mx6sx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F22874-A623-4705-B8B7-A0C7E1BDA705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."
},
{
"lang": "es",
"value": "El controlador CSU de OPTEE-OS para los dispositivos NXP i.MX SoC carece de configuraci\u00f3n de acceso de seguridad para varios modelos, resultando en una omisi\u00f3n de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones arbitrarias de lectura/escritura de memoria en la memoria del Mundo Seguro. Esto implica un perif\u00e9rico con capacidad DMA"
}
],
"id": "CVE-2021-36133",
"lastModified": "2024-11-21T06:13:11.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-07T21:15:08.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-18 23:15
Modified
2025-04-30 15:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://nxp.com | Product | |
| cve@mitre.org | https://research.nccgroup.com/2022/11/17/cve-2022-45163/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://research.nccgroup.com/category/technical-advisory/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nxp.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/2022/11/17/cve-2022-45163/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/category/technical-advisory/ | Exploit, Technical Description, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97F1F456-E167-4D6F-BD0F-8BE02D8334E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3D9F06-FBAB-4271-81AF-D135995BC7CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042E76C8-94AD-4F30-AFDC-D6E4C3F49FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9AB2D-303F-4C16-A584-0812DE52C7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28AF0906-B8CE-40FE-BEE0-03A814C55B0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F40FEC3-EBBC-4B1D-9677-23B3A6D89B91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77688E97-E680-445E-B291-CEABBF0AC460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB41F948-3B57-4462-9FF5-890FBD038E66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A062D5CA-B204-4209-A398-343E191A4AE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C69EB9-C38F-41AF-B1A6-0E7BB841BA58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0BC58B-DFD5-465A-AB3D-724DD05B6199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623866FF-4E6B-48F8-B601-09AB288294D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA76C3C4-0030-4C52-BCDE-D4D963C2B511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A69747C-AE47-4219-8892-461341151E6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25507E5C-FCAC-46E1-A90F-B9AE7D554F76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C42AF58-A53F-4307-A381-CD1A511F4569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCB98D4-51CD-45AB-8C5D-79989A083946",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF45AD7-B959-452C-81CB-FD9A40D11378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3ECF45-3884-4AEF-B26E-72DA6E43F49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A59F6D-0000-4E82-8F16-BC9BC946A7B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_6ulz_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7572762F-F69A-42FD-A16C-A831C18E2F54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB61DF-AE1E-4073-89F3-86194D2B8C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079CC43E-F536-4C7A-BB92-DA2B0C051680",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7dual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F7AFD4-FE4A-4D1F-9944-BF67D77E8E5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7206B367-4736-4045-8468-C39A41A8435C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7solo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F78E63-D311-4D82-A0CE-5A756D469396",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_7ulp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E548183E-FD55-4483-AA6C-D7E5869C8449",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_7ulp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97BB820-55FF-4852-852B-92270D999564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_8m_mini_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF734E60-E83D-4388-962E-69FC53D2FF7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_8m_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1822E0E-4DF8-411F-A890-D748F2124869",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_8m_quad_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0207759A-0914-45EF-BF28-357A3A3C8168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_8m_quad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8FD196-4DC4-4B60-8B39-FD4AAE016E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_8m_vybrid_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EA5E75-91F9-4D67-A21D-3C346777168E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_8m_vybrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA942EF-73DC-4D03-B160-C28943157BFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "766EB181-7DFB-4EEE-A6CE-B08C3AA7FA96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "980986F1-98ED-4584-8AE3-4993852557E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1015_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D354D258-CB10-4A49-9047-94E83F4B917A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350AEDA2-3B0D-423F-8C6C-48C4C70FE51A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6900DD-6233-461B-8774-A63DAFF9D4C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13E0EB3F-D1FA-4B82-8494-F067E2FE0933",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1050_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDC51BD-BF4E-44D2-9443-2F75DF37CDE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4872031C-1F8D-4E42-B8E1-D85E3EE5E8C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nxp:i.mx_rt1060_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "868F2F82-E41F-4480-ADF3-DBCA6432782F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nxp:i.mx_rt1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9476F4D-3676-4AE6-88BF-41E50FCD5839",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en dispositivos NXP seleccionados cuando se configuran en modo Serial Download Protocol (SDP):i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, y Vybrid. En una configuraci\u00f3n habilitada para la seguridad del dispositivo, el contenido de la memoria podr\u00eda potencialmente filtrarse a atacantes f\u00edsicamente pr\u00f3ximos a trav\u00e9s del puerto SDP respectivo en ataques de arranque en fr\u00edo y en caliente. (La mitigaci\u00f3n recomendada es desactivar completamente el modo SDP programando un eFUSE programable por \u00fanica vez. Los clientes pueden comunicarse con NXP para obtener informaci\u00f3n adicional)."
}
],
"id": "CVE-2022-45163",
"lastModified": "2025-04-30T15:15:59.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-18T23:15:29.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://nxp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/category/technical-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://nxp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2022/11/17/cve-2022-45163/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/category/technical-advisory/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}