
CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

27 Apr 2022 — In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. • https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl • CWE-863: Incorrect Authorization

CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

15 Mar 2021 — When booting a Zynq-7000 SoC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND's parameter page. If a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device is mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to ... • http://www.onfi.org/specifications • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

03 Sep 2019 — A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image, leading to incorrect secure boot behavior. • https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt • CWE-345: Insufficient Verification of Data Authenticity; CWE-657: Violation of Secure Design Principles

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

05 Mar 2010 — OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." • http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection • CWE-310: Cryptographic Issues