CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23822
https://notcve.org/view.php?id=CVE-2022-23822
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. En este ataque físico, un atacante puede explotar el cargador de arranque de primera etapa (FSBL) del SoC Zynq-7000 evitando la autenticación y cargando una imagen maliciosa en el dispositivo. Esto, a su vez, puede permitir al atacante llevar a cabo otros ataques, como por ejemplo usar el dispositivo como oráculo de descifrado. • https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl https://support.xilinx.com/s/article/76974 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27208
https://notcve.org/view.php?id=CVE-2021-27208
When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful. Cuando se arranca un dispositivo Zync-7000 SOC desde la memoria flash nand, el controlador nand en la ROM no comprueba las entradas cuando se leen en parámetros any en la página de parámetros nand. SI un campo leído desde la página de parámetros es demasiado grande, esto causa un desbordamiento del búfer que podría conllevar a una ejecución de código arbitraria. • http://www.onfi.org/specifications https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html https://www.xilinx.com/support/answers/76201.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5478
https://notcve.org/view.php?id=CVE-2019-5478
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior. Se ha descubierto una debilidad en el modo de inicio Encrypt Only en los dispositivos Zynq UltraScale +. Esto podría llevar a que un adversario pueda modificar los campos de control de la imagen de arranque y provocar un comportamiento de arranque seguro incorrecto. • https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt https://www.xilinx.com/support/answers/72588.html • CWE-345: Insufficient Verification of Data Authenticity CWE-657: Violation of Secure Design Principles •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0928
https://notcve.org/view.php?id=CVE-2010-0928
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." OpenSSL 0.9.8i en Gaisler Research LEON3 SoC sobre Xilinx Virtex-II Pro FPGA utiliza un algoritmo Fixed Width Exponentiation (FWE) para ciertos calculos de firma, el cual no verifica previamente la firma del cliente, lo que hace que atacantes proximos fisicamente puedan determinar la clave privada a traves de una modificacion del voltaje del microprocesador, relacionado con el ataque "fault-based attack." • http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf http://www.networkworld.com/news/2010/030410-rsa-security-attack.html http://www.osvdb.org/62808 http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/56750 • CWE-310: Cryptographic Issues •