CVE-2022-23822 - OpenCVE

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xilinx	Zynq-7000 Zynq-7000s Firmware Zynq-7000s Zynq-7000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xilinx:zynq-7000s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:xilinx:zynq-7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl	Third Party Advisory
https://support.xilinx.com/s/article/76974	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AMD

Published: 2022-04-26T00:00:00

Updated: 2022-04-27T16:06:05

Reserved: 2022-01-21T00:00:00

Link: CVE-2022-23822

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-27T17:15:07.517

Modified: 2022-05-09T16:33:38.843

Link: CVE-2022-23822

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"platforms": ["Zynq-7000 SoC FSBL"], "product": "Zynq-7000 SoC FSBL", "vendor": "AMD-Xilinx", "versions": [{"lessThanOrEqual": "2022.1", "status": "affected", "version": "2021.2", "versionType": "custom"}]}], "datePublic": "2022-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-27T16:06:05", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.xilinx.com/s/article/76974"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-04-26T15:00:00.000Z", "ID": "CVE-2022-23822", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zynq-7000 SoC FSBL", "version": {"version_data": [{"platform": "Zynq-7000 SoC FSBL", "version_affected": "<=", "version_name": "2021.2", "version_value": "2022.1"}]}}]}, "vendor_name": "AMD-Xilinx"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://support.xilinx.com/s/article/76974", "refsource": "MISC", "url": "https://support.xilinx.com/s/article/76974"}, {"name": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl", "refsource": "MISC", "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2022-23822", "datePublished": "2022-04-26T00:00:00", "dateReserved": "2022-01-21T00:00:00", "dateUpdated": "2022-04-27T16:06:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D610CBD4-00AC-4470-8E66-5B73AC4D3E3A", "versionEndExcluding": "2022.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B820E50-D48F-47C1-BC7F-2823E4948674", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A7A35D1-17A0-49DD-9D7F-E4ACA5C57BAE", "versionEndExcluding": "2022.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "A733B279-FD2C-4F20-B220-4D42CD82AB35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."}, {"lang": "es", "value": "En este ataque f\u00edsico, un atacante puede explotar el cargador de arranque de primera etapa (FSBL) del SoC Zynq-7000 evitando la autenticaci\u00f3n y cargando una imagen maliciosa en el dispositivo. Esto, a su vez, puede permitir al atacante llevar a cabo otros ataques, como por ejemplo usar el dispositivo como or\u00e1culo de descifrado. Una mitigaci\u00f3n anticipada por medio de un parche 2022.1 resolver\u00e1 el problema"}], "id": "CVE-2022-23822", "lastModified": "2022-05-09T16:33:38.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-27T17:15:07.517", "references": [{"source": "psirt@amd.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}, {"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://support.xilinx.com/s/article/76974"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "psirt@amd.com", "type": "Secondary"}]}