CVE-2022-45163

Exp

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)

Published: 2022-11-18 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-45163 is rated Exploit Available (51.6/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.57%). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2022-45163

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2022-45163

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.06% 0.57% +0.51%
2 2025-03-30 0.25% 0.06% -0.19%
3 2025-03-29 0.25%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-45163

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.3 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 0.9 4.0 [email protected]
4.6 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 0.9 3.6 [email protected]

Weakness enumeration for CVE-2022-45163

Affected software / configurations for CVE-2022-45163

Vendor Product Version Raw CPE
nxp i.mx_6_firmware cpe:2.3:o:nxp:i.mx_6_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6dual_firmware cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6duallite_firmware cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6dualplus_firmware cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6quad_firmware cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6quadplus_firmware cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6solo_firmware cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6sololite_firmware cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6solox_firmware cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6ull_firmware cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6ultralite_firmware cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*
nxp i.mx_6ulz_firmware cpe:2.3:o:nxp:i.mx_6ulz_firmware:-:*:*:*:*:*:*:*
nxp i.mx_7dual_firmware cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*
nxp i.mx_7solo_firmware cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*
nxp i.mx_7ulp_firmware cpe:2.3:o:nxp:i.mx_7ulp_firmware:-:*:*:*:*:*:*:*
nxp i.mx_8m_mini_firmware cpe:2.3:o:nxp:i.mx_8m_mini_firmware:-:*:*:*:*:*:*:*
nxp i.mx_8m_quad_firmware cpe:2.3:o:nxp:i.mx_8m_quad_firmware:-:*:*:*:*:*:*:*
nxp i.mx_8m_vybrid_firmware cpe:2.3:o:nxp:i.mx_8m_vybrid_firmware:-:*:*:*:*:*:*:*
nxp i.mx_rt1010_firmware cpe:2.3:o:nxp:i.mx_rt1010_firmware:-:*:*:*:*:*:*:*
nxp i.mx_rt1015_firmware cpe:2.3:o:nxp:i.mx_rt1015_firmware:-:*:*:*:*:*:*:*
nxp i.mx_rt1020_firmware cpe:2.3:o:nxp:i.mx_rt1020_firmware:-:*:*:*:*:*:*:*
nxp i.mx_rt1050_firmware cpe:2.3:o:nxp:i.mx_rt1050_firmware:-:*:*:*:*:*:*:*
nxp i.mx_rt1060_firmware cpe:2.3:o:nxp:i.mx_rt1060_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-45163

URL Tags
https://nxp.com Product
https://research.nccgroup.com/2022/11/17/cve-2022-45163/ Exploit Technical Description Third Party Advisory
https://research.nccgroup.com/category/technical-advisory/ Exploit Technical Description Third Party Advisory
cvelogic Threat Intelligence