Search criteria
6 vulnerabilities found for zynq-7000_firmware by xilinx
FKIE_CVE-2022-23822
Vulnerability from fkie_nvd - Published: 2022-04-27 17:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl | Third Party Advisory | |
| psirt@amd.com | https://support.xilinx.com/s/article/76974 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.xilinx.com/s/article/76974 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xilinx | zynq-7000s_firmware | * | |
| xilinx | zynq-7000s | - | |
| xilinx | zynq-7000_firmware | * | |
| xilinx | zynq-7000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xilinx:zynq-7000s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D610CBD4-00AC-4470-8E66-5B73AC4D3E3A",
"versionEndExcluding": "2022.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B820E50-D48F-47C1-BC7F-2823E4948674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xilinx:zynq-7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7A35D1-17A0-49DD-9D7F-E4ACA5C57BAE",
"versionEndExcluding": "2022.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A733B279-FD2C-4F20-B220-4D42CD82AB35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."
},
{
"lang": "es",
"value": "En este ataque f\u00edsico, un atacante puede explotar el cargador de arranque de primera etapa (FSBL) del SoC Zynq-7000 evitando la autenticaci\u00f3n y cargando una imagen maliciosa en el dispositivo. Esto, a su vez, puede permitir al atacante llevar a cabo otros ataques, como por ejemplo usar el dispositivo como or\u00e1culo de descifrado. Una mitigaci\u00f3n anticipada por medio de un parche 2022.1 resolver\u00e1 el problema"
}
],
"id": "CVE-2022-23822",
"lastModified": "2024-11-21T06:49:19.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-27T17:15:07.517",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
},
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.xilinx.com/s/article/76974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.xilinx.com/s/article/76974"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@amd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27208
Vulnerability from fkie_nvd - Published: 2021-03-15 13:15 - Updated: 2024-11-21 05:57
Severity ?
Summary
When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.onfi.org/specifications | Not Applicable | |
| cve@mitre.org | https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html | Product, Vendor Advisory | |
| cve@mitre.org | https://www.xilinx.com/support/answers/76201.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.onfi.org/specifications | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xilinx.com/support/answers/76201.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xilinx | zynq-7000s_firmware | - | |
| xilinx | zynq-7000s | - | |
| xilinx | zynq-7000_firmware | - | |
| xilinx | zynq-7000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xilinx:zynq-7000s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B1D2D0-34CB-4BAA-982C-FFEBCA5C7A76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B820E50-D48F-47C1-BC7F-2823E4948674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xilinx:zynq-7000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74141029-1B75-4D78-B1AE-9FCB0BA8498B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A733B279-FD2C-4F20-B220-4D42CD82AB35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."
},
{
"lang": "es",
"value": "Cuando se arranca un dispositivo Zync-7000 SOC desde la memoria flash nand, el controlador nand en la ROM no comprueba las entradas cuando se leen en par\u00e1metros any en la p\u00e1gina de par\u00e1metros nand. SI un campo le\u00eddo desde la p\u00e1gina de par\u00e1metros es demasiado grande, esto causa un desbordamiento del b\u00fafer que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria. Es necesario un acceso f\u00edsico y modificaci\u00f3n al dispositivo Zynq-7000 para reemplazar la memoria flash nand original con un emulador flash nand para que este ataque tenga \u00e9xito"
}
],
"id": "CVE-2021-27208",
"lastModified": "2024-11-21T05:57:34.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-15T13:15:14.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://www.onfi.org/specifications"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.onfi.org/specifications"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xilinx.com/support/answers/76201.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-23822 (GCVE-0-2022-23822)
Vulnerability from cvelistv5 – Published: 2022-04-27 16:06 – Updated: 2024-09-16 22:25
VLAI?
Summary
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD-Xilinx | Zynq-7000 SoC FSBL |
Affected:
2021.2 , ≤ 2022.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.xilinx.com/s/article/76974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Zynq-7000 SoC FSBL"
],
"product": "Zynq-7000 SoC FSBL",
"vendor": "AMD-Xilinx",
"versions": [
{
"lessThanOrEqual": "2022.1",
"status": "affected",
"version": "2021.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T16:06:05",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.xilinx.com/s/article/76974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-04-26T15:00:00.000Z",
"ID": "CVE-2022-23822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zynq-7000 SoC FSBL",
"version": {
"version_data": [
{
"platform": "Zynq-7000 SoC FSBL",
"version_affected": "\u003c=",
"version_name": "2021.2",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "AMD-Xilinx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.xilinx.com/s/article/76974",
"refsource": "MISC",
"url": "https://support.xilinx.com/s/article/76974"
},
{
"name": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl",
"refsource": "MISC",
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23822",
"datePublished": "2022-04-27T16:06:05.276121Z",
"dateReserved": "2022-01-21T00:00:00",
"dateUpdated": "2024-09-16T22:25:01.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27208 (GCVE-0-2021-27208)
Vulnerability from cvelistv5 – Published: 2021-03-15 12:27 – Updated: 2024-08-03 20:40
VLAI?
Summary
When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.onfi.org/specifications"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T15:47:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.onfi.org/specifications"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html",
"refsource": "MISC",
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"name": "https://www.xilinx.com/support/answers/76201.html",
"refsource": "MISC",
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"name": "http://www.onfi.org/specifications",
"refsource": "MISC",
"url": "http://www.onfi.org/specifications"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27208",
"datePublished": "2021-03-15T12:27:26",
"dateReserved": "2021-02-12T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23822 (GCVE-0-2022-23822)
Vulnerability from nvd – Published: 2022-04-27 16:06 – Updated: 2024-09-16 22:25
VLAI?
Summary
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD-Xilinx | Zynq-7000 SoC FSBL |
Affected:
2021.2 , ≤ 2022.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.xilinx.com/s/article/76974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Zynq-7000 SoC FSBL"
],
"product": "Zynq-7000 SoC FSBL",
"vendor": "AMD-Xilinx",
"versions": [
{
"lessThanOrEqual": "2022.1",
"status": "affected",
"version": "2021.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T16:06:05",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.xilinx.com/s/article/76974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-04-26T15:00:00.000Z",
"ID": "CVE-2022-23822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zynq-7000 SoC FSBL",
"version": {
"version_data": [
{
"platform": "Zynq-7000 SoC FSBL",
"version_affected": "\u003c=",
"version_name": "2021.2",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "AMD-Xilinx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.xilinx.com/s/article/76974",
"refsource": "MISC",
"url": "https://support.xilinx.com/s/article/76974"
},
{
"name": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl",
"refsource": "MISC",
"url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23822",
"datePublished": "2022-04-27T16:06:05.276121Z",
"dateReserved": "2022-01-21T00:00:00",
"dateUpdated": "2024-09-16T22:25:01.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27208 (GCVE-0-2021-27208)
Vulnerability from nvd – Published: 2021-03-15 12:27 – Updated: 2024-08-03 20:40
VLAI?
Summary
When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.onfi.org/specifications"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T15:47:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.onfi.org/specifications"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html",
"refsource": "MISC",
"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"
},
{
"name": "https://www.xilinx.com/support/answers/76201.html",
"refsource": "MISC",
"url": "https://www.xilinx.com/support/answers/76201.html"
},
{
"name": "http://www.onfi.org/specifications",
"refsource": "MISC",
"url": "http://www.onfi.org/specifications"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27208",
"datePublished": "2021-03-15T12:27:26",
"dateReserved": "2021-02-12T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}