CVE-2022-23822

Published: 27 Apr 2022
Source: nvd
CVSS3: 6.8
CVSS2: 4.4
EPSS: Low

Description

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:xilinx:zynq-7000s_firmware:*:*:*:*:*:*:*:*
Versions before 2022.1 (exclusive)
cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*

Configuration 2

Simultaneously

cpe:2.3:o:xilinx:zynq-7000_firmware:*:*:*:*:*:*:*:*
Versions before 2022.1 (exclusive)
cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*

EPSS

Percentile: 20%
0.00065
Low

6.8 Medium

CVSS3

4.4 Medium

CVSS2

Weaknesses

CWE-863

Related vulnerabilities

CVSS3: 6.8
github
almost 4 years ago

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
