CVE-2022-23005

Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature

Severity Score

8.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.

Western Digital ha identificado una debilidad en el estándar UFS que podría resultar en una vulnerabilidad de seguridad. Esta vulnerabilidad puede existir en algunos sistemas donde el código ROM de inicio del host implementa la función de inicio UFS para iniciar desde dispositivos de almacenamiento compatibles con UFS. La función de arranque UFS, como se especifica en el estándar UFS, la proporcionan los dispositivos UFS para admitir plataformas que necesitan descargar el cargador de arranque del sistema desde ubicaciones de almacenamiento externas no volátiles. Se han identificado varios escenarios en los que los adversarios pueden desactivar la capacidad de arranque o volver a un código de cargador de arranque antiguo, si el código ROM de arranque del host se implementa incorrectamente. Los implementadores de UFS Host Boot ROM pueden verse afectados por esta vulnerabilidad. Los dispositivos UFS solo se ven afectados cuando están conectados a un host UFS vulnerable y esta vulnerabilidad no los afecta de forma independiente. Cuando está presente, la vulnerabilidad está en la implementación del host UFS y no es una vulnerabilidad en los dispositivos UFS de Western Digital. Western Digital ha proporcionado detalles de la vulnerabilidad al organismo de estándares JEDEC, a múltiples proveedores de procesadores host y proveedores de soluciones de software.

*Credits: Rotem Sela and Avri Altman of Western Digital

CVSS Scores

NISTv3.1 8.7

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-10 CVE Reserved
2023-01-23 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-08-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-662: Improper Synchronization
CWE-1224: Improper Restriction of Write-Once Bit Fields
CWE-1233: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE-1262: Improper Access Control for Register Interface

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-host-boot-rom-code-vulnerability-and-mitigation.pdf	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.westerndigital.com/support/product-security/wdc-23001-host-boot-rom-code-vulnerability-in-systems-implementing-ufs-boot-feature	2023-02-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jedec Search vendor "Jedec"	Universal Flash Storage Search vendor "Jedec" for product "Universal Flash Storage"	-	-	Affected	in	Westerndigital Search vendor "Westerndigital"	Inand Eu311 Mobile Mc Ufs Search vendor "Westerndigital" for product "Inand Eu311 Mobile Mc Ufs"	-	-	Safe
Jedec Search vendor "Jedec"	Universal Flash Storage Search vendor "Jedec" for product "Universal Flash Storage"	-	-	Affected	in	Westerndigital Search vendor "Westerndigital"	Inand Eu312 Automotive Xa At Ufs Search vendor "Westerndigital" for product "Inand Eu312 Automotive Xa At Ufs"	-	-	Safe
Jedec Search vendor "Jedec"	Universal Flash Storage Search vendor "Jedec" for product "Universal Flash Storage"	-	-	Affected	in	Westerndigital Search vendor "Westerndigital"	Inand Eu312 Industrial Ix Ufs Search vendor "Westerndigital" for product "Inand Eu312 Industrial Ix Ufs"	-	-	Safe