CVE-2019-5478 - Vulnerability Details

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Zynq UltraScale+ SoC

affected

Version	Status	Constraints
`Not Fixed`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:amd:zu11eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:zu15eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:zu17eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:zu19eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:zu1cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:zu1eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:zu21dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:zu25dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:zu27dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:zu28dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:zu29dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:zu2cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:zu2eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:zu39dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:zu3cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:zu3eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:zu3tcg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:zu3teg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:zu42dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:zu43dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:zu46dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:zu47dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:zu48dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:zu49dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:zu4cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:zu4eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:zu4ev_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:zu5cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:amd:zu5eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:amd:zu5ev_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:amd:zu63dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:amd:zu64dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:amd:zu65dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:amd:zu67dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:amd:zu6cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:amd:zu6eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:amd:zu7cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:amd:zu7eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:amd:zu7ev_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:amd:zu9cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:amd:zu9eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Amd Subscribe	Zu11eg Subscribe Zu11eg Firmware Subscribe Zu15eg Subscribe Zu15eg Firmware Subscribe Zu17eg Subscribe Zu17eg Firmware Subscribe Zu19eg Subscribe Zu19eg Firmware Subscribe Zu1cg Subscribe Zu1cg Firmware Subscribe Zu1eg Subscribe Zu1eg Firmware Subscribe Zu21dr Subscribe Zu21dr Firmware Subscribe Zu25dr Subscribe Zu25dr Firmware Subscribe Zu27dr Subscribe Zu27dr Firmware Subscribe Zu28dr Subscribe Zu28dr Firmware Subscribe Zu29dr Subscribe Zu29dr Firmware Subscribe Zu2cg Subscribe Zu2cg Firmware Subscribe Zu2eg Subscribe Zu2eg Firmware Subscribe Zu39dr Subscribe Zu39dr Firmware Subscribe Zu3cg Subscribe Zu3cg Firmware Subscribe Zu3eg Subscribe Zu3eg Firmware Subscribe Zu3tcg Subscribe Zu3tcg Firmware Subscribe Zu3teg Subscribe Zu3teg Firmware Subscribe Zu42dr Subscribe Zu42dr Firmware Subscribe Zu43dr Subscribe Zu43dr Firmware Subscribe Zu46dr Subscribe Zu46dr Firmware Subscribe Zu47dr Subscribe Zu47dr Firmware Subscribe Zu48dr Subscribe Zu48dr Firmware Subscribe Zu49dr Subscribe Zu49dr Firmware Subscribe Zu4cg Subscribe Zu4cg Firmware Subscribe Zu4eg Subscribe Zu4eg Firmware Subscribe Zu4ev Subscribe Zu4ev Firmware Subscribe Zu5cg Subscribe Zu5cg Firmware Subscribe Zu5eg Subscribe Zu5eg Firmware Subscribe Zu5ev Subscribe Zu5ev Firmware Subscribe Zu63dr Subscribe Zu63dr Firmware Subscribe Zu64dr Subscribe Zu64dr Firmware Subscribe Zu65dr Subscribe Zu65dr Firmware Subscribe Zu67dr Subscribe Zu67dr Firmware Subscribe Zu6cg Subscribe Zu6cg Firmware Subscribe Zu6eg Subscribe Zu6eg Firmware Subscribe Zu7cg Subscribe Zu7cg Firmware Subscribe Zu7eg Subscribe Zu7eg Firmware Subscribe Zu7ev Subscribe Zu7ev Firmware Subscribe Zu9cg Subscribe Zu9cg Firmware Subscribe Zu9eg Subscribe Zu9eg Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2019-15058	A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
https://www.xilinx.com/support/answers/72588.html

History

Wed, 27 Nov 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd zu11eg Amd zu11eg Firmware Amd zu15eg Amd zu15eg Firmware Amd zu17eg Amd zu17eg Firmware Amd zu19eg Amd zu19eg Firmware Amd zu1cg Amd zu1cg Firmware Amd zu1eg Amd zu1eg Firmware Amd zu21dr Amd zu21dr Firmware Amd zu25dr Amd zu25dr Firmware Amd zu27dr Amd zu27dr Firmware Amd zu28dr Amd zu28dr Firmware Amd zu29dr Amd zu29dr Firmware Amd zu2cg Amd zu2cg Firmware Amd zu2eg Amd zu2eg Firmware Amd zu39dr Amd zu39dr Firmware Amd zu3cg Amd zu3cg Firmware Amd zu3eg Amd zu3eg Firmware Amd zu3tcg Amd zu3tcg Firmware Amd zu3teg Amd zu3teg Firmware Amd zu42dr Amd zu42dr Firmware Amd zu43dr Amd zu43dr Firmware Amd zu46dr Amd zu46dr Firmware Amd zu47dr Amd zu47dr Firmware Amd zu48dr Amd zu48dr Firmware Amd zu49dr Amd zu49dr Firmware Amd zu4cg Amd zu4cg Firmware Amd zu4eg Amd zu4eg Firmware Amd zu4ev Amd zu4ev Firmware Amd zu5cg Amd zu5cg Firmware Amd zu5eg Amd zu5eg Firmware Amd zu5ev Amd zu5ev Firmware Amd zu63dr Amd zu63dr Firmware Amd zu64dr Amd zu64dr Firmware Amd zu65dr Amd zu65dr Firmware Amd zu67dr Amd zu67dr Firmware Amd zu6cg Amd zu6cg Firmware Amd zu6eg Amd zu6eg Firmware Amd zu7cg Amd zu7cg Firmware Amd zu7eg Amd zu7eg Firmware Amd zu7ev Amd zu7ev Firmware Amd zu9cg Amd zu9cg Firmware Amd zu9eg Amd zu9eg Firmware
CPEs	cpe:2.3:h:xilinx:zynq_ultrascale\+_mpsoc:-:::::::* cpe:2.3:h:xilinx:zynq_ultrascale\+_rfsoc:-:::::::* cpe:2.3:o:xilinx:zynq_ultrascale\+_mpsoc_firmware:-:::::::* cpe:2.3:o:xilinx:zynq_ultrascale\+_rfsoc_firmware:-:::::::*	cpe:2.3:h:amd:zu11eg:-:::::::* cpe:2.3:h:amd:zu15eg:-:::::::* cpe:2.3:h:amd:zu17eg:-:::::::* cpe:2.3:h:amd:zu19eg:-:::::::* cpe:2.3:h:amd:zu1cg:-:::::::* cpe:2.3:h:amd:zu1eg:-:::::::* cpe:2.3:h:amd:zu21dr:-:::::::* cpe:2.3:h:amd:zu25dr:-:::::::* cpe:2.3:h:amd:zu27dr:-:::::::* cpe:2.3:h:amd:zu28dr:-:::::::* cpe:2.3:h:amd:zu29dr:-:::::::* cpe:2.3:h:amd:zu2cg:-:::::::* cpe:2.3:h:amd:zu2eg:-:::::::* cpe:2.3:h:amd:zu39dr:-:::::::* cpe:2.3:h:amd:zu3cg:-:::::::* cpe:2.3:h:amd:zu3eg:-:::::::* cpe:2.3:h:amd:zu3tcg:-:::::::* cpe:2.3:h:amd:zu3teg:-:::::::* cpe:2.3:h:amd:zu42dr:-:::::::* cpe:2.3:h:amd:zu43dr:-:::::::* cpe:2.3:h:amd:zu46dr:-:::::::* cpe:2.3:h:amd:zu47dr:-:::::::* cpe:2.3:h:amd:zu48dr:-:::::::* cpe:2.3:h:amd:zu49dr:-:::::::* cpe:2.3:h:amd:zu4cg:-:::::::* cpe:2.3:h:amd:zu4eg:-:::::::* cpe:2.3:h:amd:zu4ev:-:::::::* cpe:2.3:h:amd:zu5cg:-:::::::* cpe:2.3:h:amd:zu5eg:-:::::::* cpe:2.3:h:amd:zu5ev:-:::::::* cpe:2.3:h:amd:zu63dr:-:::::::* cpe:2.3:h:amd:zu64dr:-:::::::* cpe:2.3:h:amd:zu65dr:-:::::::* cpe:2.3:h:amd:zu67dr:-:::::::* cpe:2.3:h:amd:zu6cg:-:::::::* cpe:2.3:h:amd:zu6eg:-:::::::* cpe:2.3:h:amd:zu7cg:-:::::::* cpe:2.3:h:amd:zu7eg:-:::::::* cpe:2.3:h:amd:zu7ev:-:::::::* cpe:2.3:h:amd:zu9cg:-:::::::* cpe:2.3:h:amd:zu9eg:-:::::::* cpe:2.3:o:amd:zu11eg_firmware:-:::::::* cpe:2.3:o:amd:zu15eg_firmware:-:::::::* cpe:2.3:o:amd:zu17eg_firmware:-:::::::* cpe:2.3:o:amd:zu19eg_firmware:-:::::::* cpe:2.3:o:amd:zu1cg_firmware:-:::::::* cpe:2.3:o:amd:zu1eg_firmware:-:::::::* cpe:2.3:o:amd:zu21dr_firmware:-:::::::* cpe:2.3:o:amd:zu25dr_firmware:-:::::::* cpe:2.3:o:amd:zu27dr_firmware:-:::::::* cpe:2.3:o:amd:zu28dr_firmware:-:::::::* cpe:2.3:o:amd:zu29dr_firmware:-:::::::* cpe:2.3:o:amd:zu2cg_firmware:-:::::::* cpe:2.3:o:amd:zu2eg_firmware:-:::::::* cpe:2.3:o:amd:zu39dr_firmware:-:::::::* cpe:2.3:o:amd:zu3cg_firmware:-:::::::* cpe:2.3:o:amd:zu3eg_firmware:-:::::::* cpe:2.3:o:amd:zu3tcg_firmware:-:::::::* cpe:2.3:o:amd:zu3teg_firmware:-:::::::* cpe:2.3:o:amd:zu42dr_firmware:-:::::::* cpe:2.3:o:amd:zu43dr_firmware:-:::::::* cpe:2.3:o:amd:zu46dr_firmware:-:::::::* cpe:2.3:o:amd:zu47dr_firmware:-:::::::* cpe:2.3:o:amd:zu48dr_firmware:-:::::::* cpe:2.3:o:amd:zu49dr_firmware:-:::::::* cpe:2.3:o:amd:zu4cg_firmware:-:::::::* cpe:2.3:o:amd:zu4eg_firmware:-:::::::* cpe:2.3:o:amd:zu4ev_firmware:-:::::::* cpe:2.3:o:amd:zu5cg_firmware:-:::::::* cpe:2.3:o:amd:zu5eg_firmware:-:::::::* cpe:2.3:o:amd:zu5ev_firmware:-:::::::* cpe:2.3:o:amd:zu63dr_firmware:-:::::::* cpe:2.3:o:amd:zu64dr_firmware:-:::::::* cpe:2.3:o:amd:zu65dr_firmware:-:::::::* cpe:2.3:o:amd:zu67dr_firmware:-:::::::* cpe:2.3:o:amd:zu6cg_firmware:-:::::::* cpe:2.3:o:amd:zu6eg_firmware:-:::::::* cpe:2.3:o:amd:zu7cg_firmware:-:::::::* cpe:2.3:o:amd:zu7eg_firmware:-:::::::* cpe:2.3:o:amd:zu7ev_firmware:-:::::::* cpe:2.3:o:amd:zu9cg_firmware:-:::::::* cpe:2.3:o:amd:zu9eg_firmware:-:::::::*
Vendors & Products	Xilinx Xilinx zynq Ultrascale\+ Mpsoc Xilinx zynq Ultrascale\+ Mpsoc Firmware Xilinx zynq Ultrascale\+ Rfsoc Xilinx zynq Ultrascale\+ Rfsoc Firmware	Amd Amd zu11eg Amd zu11eg Firmware Amd zu15eg Amd zu15eg Firmware Amd zu17eg Amd zu17eg Firmware Amd zu19eg Amd zu19eg Firmware Amd zu1cg Amd zu1cg Firmware Amd zu1eg Amd zu1eg Firmware Amd zu21dr Amd zu21dr Firmware Amd zu25dr Amd zu25dr Firmware Amd zu27dr Amd zu27dr Firmware Amd zu28dr Amd zu28dr Firmware Amd zu29dr Amd zu29dr Firmware Amd zu2cg Amd zu2cg Firmware Amd zu2eg Amd zu2eg Firmware Amd zu39dr Amd zu39dr Firmware Amd zu3cg Amd zu3cg Firmware Amd zu3eg Amd zu3eg Firmware Amd zu3tcg Amd zu3tcg Firmware Amd zu3teg Amd zu3teg Firmware Amd zu42dr Amd zu42dr Firmware Amd zu43dr Amd zu43dr Firmware Amd zu46dr Amd zu46dr Firmware Amd zu47dr Amd zu47dr Firmware Amd zu48dr Amd zu48dr Firmware Amd zu49dr Amd zu49dr Firmware Amd zu4cg Amd zu4cg Firmware Amd zu4eg Amd zu4eg Firmware Amd zu4ev Amd zu4ev Firmware Amd zu5cg Amd zu5cg Firmware Amd zu5eg Amd zu5eg Firmware Amd zu5ev Amd zu5ev Firmware Amd zu63dr Amd zu63dr Firmware Amd zu64dr Amd zu64dr Firmware Amd zu65dr Amd zu65dr Firmware Amd zu67dr Amd zu67dr Firmware Amd zu6cg Amd zu6cg Firmware Amd zu6eg Amd zu6eg Firmware Amd zu7cg Amd zu7cg Firmware Amd zu7eg Amd zu7eg Firmware Amd zu7ev Amd zu7ev Firmware Amd zu9cg Amd zu9cg Firmware Amd zu9eg Amd zu9eg Firmware

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2019-09-03T19:17:35

Updated: 2024-08-04T19:54:53.489Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5478

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-09-03T20:15:11.530

Modified: 2024-11-27T16:10:16.277

Link: CVE-2019-5478

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object