CVE-2019-5478

MEDIUM

AMD Zynq UltraScale+ Firmware - Insufficient Verification of Data Authenticity in Encrypt Only Boot Mode

Title source: llm

Description

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.xilinx.com/support/answers/72588.html

Third Party Advisory x_refsource_misc

https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt

View Writeup ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-345 CWE-657

Status published

Products (41)

amd/zu11eg_firmware

amd/zu15eg_firmware

amd/zu17eg_firmware

amd/zu19eg_firmware

amd/zu1cg_firmware

amd/zu1eg_firmware

amd/zu21dr_firmware

amd/zu25dr_firmware

amd/zu27dr_firmware

amd/zu28dr_firmware

... and 31 more

Published Sep 03, 2019

Tracked Since Feb 18, 2026