CVE-2021-27208

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.

Cuando se arranca un dispositivo Zync-7000 SOC desde la memoria flash nand, el controlador nand en la ROM no comprueba las entradas cuando se leen en parámetros any en la página de parámetros nand. SI un campo leído desde la página de parámetros es demasiado grande, esto causa un desbordamiento del búfer que podría conllevar a una ejecución de código arbitraria. Es necesario un acceso físico y modificación al dispositivo Zynq-7000 para reemplazar la memoria flash nand original con un emulador flash nand para que este ataque tenga éxito

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-02-12 CVE Reserved
2021-03-15 CVE Published
2024-02-19 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (3)

URL	Tag	Source
http://www.onfi.org/specifications	Not Applicable

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html	2021-03-30
https://www.xilinx.com/support/answers/76201.html	2021-03-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xilinx Search vendor "Xilinx"	Zynq-7000s Firmware Search vendor "Xilinx" for product "Zynq-7000s Firmware"	-	-	Affected	in	Xilinx Search vendor "Xilinx"	Zynq-7000s Search vendor "Xilinx" for product "Zynq-7000s"	-	-	Safe
Xilinx Search vendor "Xilinx"	Zynq-7000 Firmware Search vendor "Xilinx" for product "Zynq-7000 Firmware"	-	-	Affected	in	Xilinx Search vendor "Xilinx"	Zynq-7000 Search vendor "Xilinx" for product "Zynq-7000"	-	-	Safe