cvedb.io
CVE-2022-45163
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-11-18T23:15:29.807 · Last modified 2026-06-17T05:09:29.963

Summary

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)

Affected products

nxp — i.mx_6_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when nxp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.