// For flags

CVE-2021-44850

 

Severity Score

6.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM.

En los dispositivos Xilinx Zynq-7000 SoC, la modificación física de una imagen de arranque de la SD permite un ataque de desbordamiento del búfer en la ROM. Dado que el encabezado de la imagen de arranque del Zynq-7000 no está cifrada ni autenticada antes de su uso, un atacante puede modificar el encabezado de arranque almacenado en una tarjeta SD para que una imagen segura parezca no estar cifrada, y podrá modificar toda la gama de valores de inicialización de registros. Normalmente, estos registros estarán restringidos cuando el arranque sea seguro. De importancia para este ataque son dos registros que controlan el tipo y el tamaño de transferencia de la tarjeta SD. Estos registros podrían modificarse de forma que causen un desbordamiento del búfer en la ROM

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-13 CVE Reserved
  • 2022-02-10 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-26 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (2)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://support.xilinx.com/s/article/47915 2023-08-08
https://support.xilinx.com/s/article/76964 2023-08-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Amd
Search vendor "Amd"
 Xilinx Z-7012s Firmware
Search vendor "Amd" for product "Xilinx Z-7012s Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7012s
Search vendor "Amd" for product "Xilinx Z-7012s"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7014s Firmware
Search vendor "Amd" for product "Xilinx Z-7014s Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7014s
Search vendor "Amd" for product "Xilinx Z-7014s"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7010 Firmware
Search vendor "Amd" for product "Xilinx Z-7010 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7010
Search vendor "Amd" for product "Xilinx Z-7010"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7015 Firmware
Search vendor "Amd" for product "Xilinx Z-7015 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7015
Search vendor "Amd" for product "Xilinx Z-7015"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7020 Firmware
Search vendor "Amd" for product "Xilinx Z-7020 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7020
Search vendor "Amd" for product "Xilinx Z-7020"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7030 Firmware
Search vendor "Amd" for product "Xilinx Z-7030 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7030
Search vendor "Amd" for product "Xilinx Z-7030"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7035 Firmware
Search vendor "Amd" for product "Xilinx Z-7035 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7035
Search vendor "Amd" for product "Xilinx Z-7035"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7045 Firmware
Search vendor "Amd" for product "Xilinx Z-7045 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7045
Search vendor "Amd" for product "Xilinx Z-7045"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7100 Firmware
Search vendor "Amd" for product "Xilinx Z-7100 Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7100
Search vendor "Amd" for product "Xilinx Z-7100"
--
Safe
Amd
Search vendor "Amd"
 Xilinx Z-7007s Firmware
Search vendor "Amd" for product "Xilinx Z-7007s Firmware"
--
Affected
in Amd
Search vendor "Amd"
 Xilinx Z-7007s
Search vendor "Amd" for product "Xilinx Z-7007s"
--
Safe