CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.

CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.

Further information about this issue can be found in the NXP advisory. A public exploit is available for i.MX RT 1010 at the NXP website. A second information-disclosure vulnerability exists on select NXP devices when configured in UART mode: i.MX 6 Family, i.MX 6Q, i.MX 6D, i.MX 6Solo, i.MX 7ULP, i.MX 7Dual/Solo, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective UART port in cold and warm boot attacks. (The recommended mitigation is to completely disable the UART mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)

An information-disclosure vulnerability exists on select NXP devices when configured in UART mode: i.MX 6 Family, i.MX 6Q, i.MX 6D, i.MX 6Solo, i.MX 7ULP, i.MX 7Dual/Solo, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective UART port in cold and warm boot attacks. (The recommended mitigation is to completely disable the UART mode

How to Find Vulnerabilities in Physical Interfaces

Some security vulnerabilities are hard to find, even for the most experienced of hunters. Physical interfaces like UART ports may not be monitored or managed in the same ways as software or firmware. Security-aware development practices take up a lot of time and resources.
Luckily, there are some tools that can help you find security vulnerabilities in hardware or physical interfaces.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe