2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-45163" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2022-11-18T23:15:29.807" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T07:28:52.180" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)"
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en dispositivos NXP seleccionados cuando se configuran en modo Serial Download Protocol (SDP):i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, y Vybrid. En una configuraci\u00f3n habilitada para la seguridad del dispositivo, el contenido de la memoria podr\u00eda potencialmente filtrarse a atacantes f\u00edsicamente pr\u00f3ximos a trav\u00e9s del puerto SDP respectivo en ataques de arranque en fr\u00edo y en caliente. (La mitigaci\u00f3n recomendada es desactivar completamente el modo SDP programando un eFUSE programable por \u00fanica vez. Los clientes pueden comunicarse con NXP para obtener informaci\u00f3n adicional)."
2023-04-24 12:24:31 +02:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
2024-12-08 03:06:42 +00:00
"source" : "cve@mitre.org" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "PHYSICAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
2024-12-08 03:06:42 +00:00
"scope" : "CHANGED" ,
2023-04-24 12:24:31 +02:00
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 0.9 ,
2024-12-08 03:06:42 +00:00
"impactScore" : 4.0
2023-04-24 12:24:31 +02:00
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" ,
"baseScore" : 4.6 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "PHYSICAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
2024-12-08 03:06:42 +00:00
"scope" : "UNCHANGED" ,
2023-04-24 12:24:31 +02:00
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 0.9 ,
2024-12-08 03:06:42 +00:00
"impactScore" : 3.6
2023-04-24 12:24:31 +02:00
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-203"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97F1F456-E167-4D6F-BD0F-8BE02D8334E7"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1B3D9F06-FBAB-4271-81AF-D135995BC7CB"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "042E76C8-94AD-4F30-AFDC-D6E4C3F49FF0"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "74D9AB2D-303F-4C16-A584-0812DE52C7EF"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "28AF0906-B8CE-40FE-BEE0-03A814C55B0B"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0F40FEC3-EBBC-4B1D-9677-23B3A6D89B91"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "77688E97-E680-445E-B291-CEABBF0AC460"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DB41F948-3B57-4462-9FF5-890FBD038E66"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A062D5CA-B204-4209-A398-343E191A4AE3"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B2C69EB9-C38F-41AF-B1A6-0E7BB841BA58"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CF0BC58B-DFD5-465A-AB3D-724DD05B6199"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "623866FF-4E6B-48F8-B601-09AB288294D1"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA76C3C4-0030-4C52-BCDE-D4D963C2B511"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6A69747C-AE47-4219-8892-461341151E6C"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "25507E5C-FCAC-46E1-A90F-B9AE7D554F76"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0C42AF58-A53F-4307-A381-CD1A511F4569"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4BCB98D4-51CD-45AB-8C5D-79989A083946"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "71631A11-FB49-4335-BB1B-47EB9061F47B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3CF45AD7-B959-452C-81CB-FD9A40D11378"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E2CD0D2A-C1A5-4771-ADAB-70375BF06670"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0D3ECF45-3884-4AEF-B26E-72DA6E43F49A"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "06A59F6D-0000-4E82-8F16-BC9BC946A7B0"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_6ulz_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7572762F-F69A-42FD-A16C-A831C18E2F54"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "38EB61DF-AE1E-4073-89F3-86194D2B8C82"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "079CC43E-F536-4C7A-BB92-DA2B0C051680"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_7dual:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E4F7AFD4-FE4A-4D1F-9944-BF67D77E8E5D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7206B367-4736-4045-8468-C39A41A8435C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_7solo:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "63F78E63-D311-4D82-A0CE-5A756D469396"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_7ulp_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E548183E-FD55-4483-AA6C-D7E5869C8449"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_7ulp:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D97BB820-55FF-4852-852B-92270D999564"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_8m_mini_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF734E60-E83D-4388-962E-69FC53D2FF7D"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_8m_mini:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C1822E0E-4DF8-411F-A890-D748F2124869"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_8m_quad_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0207759A-0914-45EF-BF28-357A3A3C8168"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_8m_quad:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B8FD196-4DC4-4B60-8B39-FD4AAE016E38"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_8m_vybrid_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D8EA5E75-91F9-4D67-A21D-3C346777168E"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_8m_vybrid:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ECA942EF-73DC-4D03-B160-C28943157BFF"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_rt1010_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "766EB181-7DFB-4EEE-A6CE-B08C3AA7FA96"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_rt1010:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "980986F1-98ED-4584-8AE3-4993852557E1"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_rt1015_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D354D258-CB10-4A49-9047-94E83F4B917A"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_rt1015:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "350AEDA2-3B0D-423F-8C6C-48C4C70FE51A"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_rt1020_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0E6900DD-6233-461B-8774-A63DAFF9D4C7"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_rt1020:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "13E0EB3F-D1FA-4B82-8494-F067E2FE0933"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_rt1050_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8CDC51BD-BF4E-44D2-9443-2F75DF37CDE8"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_rt1050:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4872031C-1F8D-4E42-B8E1-D85E3EE5E8C0"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nxp:i.mx_rt1060_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "868F2F82-E41F-4480-ADF3-DBCA6432782F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nxp:i.mx_rt1060:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A9476F4D-3676-4AE6-88BF-41E50FCD5839"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://nxp.com" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Product"
]
} ,
{
"url" : "https://research.nccgroup.com/2022/11/17/cve-2022-45163/" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Technical Description" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://research.nccgroup.com/category/technical-advisory/" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Technical Description" ,
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://nxp.com" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Product"
]
} ,
{
"url" : "https://research.nccgroup.com/2022/11/17/cve-2022-45163/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Technical Description" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://research.nccgroup.com/category/technical-advisory/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Technical Description" ,
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
