Overview
A vulnerability (CVE-2022-45163) has been identified on select devices when configured in Serial Download Protocol (SDP) mode. In the security-enabled configuration, memory contents could potentially leak via the respective SDP port in cold and warm boot attacks. The recommended mitigation is to completely disable the SDP mode by programming an eFUSE.
Impact
|
NXP Device Family
|
Impacted Silicon Revisions
|
|
i.MX RT101x
|
All
|
|
i.MX RT102x
|
All
|
|
i.MX RT105x/6x
|
All
|
|
i.MX 6 Family
|
All
|
|
i.MX 7Dual/Solo
|
All
|
|
i.MX 7ULP
|
All
|
|
i.MX 8M Quad
|
All
|
|
i.MX 8M Mini
|
All
|
|
Vybrid (VFxxx)
|
All
|
Mitigation
- The recommended mitigation is to Disable SDP in production devices by setting the SDP_DISABLE One Time Programmable (OTP) eFuse to a value of 1’b1.
- If available, also set UART Serial Download Disable OTP eFuse bit to 1’b1.
Additional Information
- For more details, a Security Bulletin is available on the i.MX Security Portal for customers.
- NXP has also published an updated Security Checklist including best practices in securing production devices
- For access or further information, please contact your NXP Field Support Representative or enter a support request.
Acknowledgment
- NXP would like to thank the NCC Group for the responsible disclosure of this vulnerability.
_________________________________________________________________________
Please note this information is preliminary and subject to change. To the best of NXP's knowledge, the information contained herein is accurate and reliable as of the date of publication; however, NXP does not assume any liability for the accuracy and completeness of the information.
