CVE-2021-44850
MEDIUM
Xilinx Zynq-7000 SoC Firmware - Buffer Overflow via Modified SD Boot Image Header
Title source: llm
Description
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, which lets them modify the full range of register initialization values. Normally, these registers are restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified in a way that causes a buffer overflow in the ROM.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://support.xilinx.com/s/article/47915
Vendor Advisory x_refsource_confirm
https://support.xilinx.com/s/article/76964
Scores
CVSS v3
6.8
EPSS
0.0007
EPSS Percentile
22.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-345
Status
published
Products (10)
amd/xilinx_z-7007s_firmware
amd/xilinx_z-7010_firmware
amd/xilinx_z-7012s_firmware
amd/xilinx_z-7014s_firmware
amd/xilinx_z-7015_firmware
amd/xilinx_z-7020_firmware
amd/xilinx_z-7030_firmware
amd/xilinx_z-7035_firmware
amd/xilinx_z-7045_firmware
amd/xilinx_z-7100_firmware
Published
Feb 10, 2022
Tracked Since
Feb 18, 2026