Lucene search

K
cve[email protected]CVE-2022-23822
HistoryApr 27, 2022 - 5:15 p.m.

CVE-2022-23822

2022-04-2717:15:07
CWE-863
web.nvd.nist.gov
53
cve-2022-23822
zynq-7000 soc
first stage boot loader
fsbl
physical attack
authentication bypass
malicious image
decryption oracle
exploitation
nvd

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.7%

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.

Affected configurations

NVD
Node
xilinxzynq-7000s_firmwareRange<2022.1
AND
xilinxzynq-7000sMatch-
Node
xilinxzynq-7000_firmwareRange<2022.1
AND
xilinxzynq-7000Match-

CNA Affected

[
  {
    "platforms": [
      "Zynq-7000 SoC FSBL"
    ],
    "product": "Zynq-7000 SoC FSBL",
    "vendor": "AMD-Xilinx",
    "versions": [
      {
        "lessThanOrEqual": "2022.1",
        "status": "affected",
        "version": "2021.2",
        "versionType": "custom"
      }
    ]
  }
]

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.7%

Related for CVE-2022-23822