CVE-2021-44850
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified in a way that causes a buffer overflow in the ROM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-13 CVE Reserved
- 2022-02-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://support.xilinx.com/s/article/47915 | 2023-08-08 | |
https://support.xilinx.com/s/article/76964 | 2023-08-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Amd | Xilinx Z-7012s Firmware | - | - | Affected | in | Amd | Xilinx Z-7012s | - | - | Safe |
Amd | Xilinx Z-7014s Firmware | - | - | Affected | in | Amd | Xilinx Z-7014s | - | - | Safe |
Amd | Xilinx Z-7010 Firmware | - | - | Affected | in | Amd | Xilinx Z-7010 | - | - | Safe |
Amd | Xilinx Z-7015 Firmware | - | - | Affected | in | Amd | Xilinx Z-7015 | - | - | Safe |
Amd | Xilinx Z-7020 Firmware | - | - | Affected | in | Amd | Xilinx Z-7020 | - | - | Safe |
Amd | Xilinx Z-7030 Firmware | - | - | Affected | in | Amd | Xilinx Z-7030 | - | - | Safe |
Amd | Xilinx Z-7035 Firmware | - | - | Affected | in | Amd | Xilinx Z-7035 | - | - | Safe |
Amd | Xilinx Z-7045 Firmware | - | - | Affected | in | Amd | Xilinx Z-7045 | - | - | Safe |
Amd | Xilinx Z-7100 Firmware | - | - | Affected | in | Amd | Xilinx Z-7100 | - | - | Safe |
Amd | Xilinx Z-7007s Firmware | - | - | Affected | in | Amd | Xilinx Z-7007s | - | - | Safe |