CVE-2022-38161

Опубликовано: 11 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.

Ссылки

https://github.com/subreption/birdwatch-report-1-repo
Third Party Advisory
https://subreption.com/downloads/reports/demystifying-the-orlan-10_opt.pdf
Technical Description
Third Party Advisory
https://subreption.com/press-releases/2022-birdwatch-first-report/
Third Party Advisory
https://github.com/subreption/birdwatch-report-1-repo
Third Party Advisory
https://subreption.com/downloads/reports/demystifying-the-orlan-10_opt.pdf
Technical Description
Third Party Advisory
https://subreption.com/press-releases/2022-birdwatch-first-report/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:gumstix:overo_sbc:*:*:*:*:*:*:*:*

Версия до 2022-08-09 (включая)

EPSS

Процентиль: 38%

0.00166

Низкий

7.5 High

CVSS3

Дефекты

CWE-119

Связанные уязвимости

GHSA-pc4c-22w8-h8vw

CVSS3: 6.4

github

больше 3 лет назад