CVE-2019-5478 - Vulnerability Details

Description

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

Published: 2019-09-03

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Zynq UltraScale+ SoC

affected

Version	Status	Constraints
`Not Fixed`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:amd:zu11eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:zu15eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:zu17eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:zu19eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:zu1cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:zu1eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:zu21dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:zu25dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:zu27dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:zu28dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:zu29dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:zu2cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:zu2eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:zu39dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:zu3cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:zu3eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:zu3tcg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:zu3teg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:zu42dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:zu43dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:zu46dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:zu47dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:zu48dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:zu49dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:zu4cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:zu4eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:zu4ev_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:zu5cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:amd:zu5eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:amd:zu5ev_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:amd:zu63dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:amd:zu64dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:amd:zu65dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:amd:zu67dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:amd:zu6cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:amd:zu6eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:amd:zu7cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:amd:zu7eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:amd:zu7ev_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:amd:zu9cg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:amd:zu9eg_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2019-15058	A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
https://www.xilinx.com/support/answers/72588.html

History

Wed, 27 Nov 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd zu11eg Amd zu11eg Firmware Amd zu15eg Amd zu15eg Firmware Amd zu17eg Amd zu17eg Firmware Amd zu19eg Amd zu19eg Firmware Amd zu1cg Amd zu1cg Firmware Amd zu1eg Amd zu1eg Firmware Amd zu21dr Amd zu21dr Firmware Amd zu25dr Amd zu25dr Firmware Amd zu27dr Amd zu27dr Firmware Amd zu28dr Amd zu28dr Firmware Amd zu29dr Amd zu29dr Firmware Amd zu2cg Amd zu2cg Firmware Amd zu2eg Amd zu2eg Firmware Amd zu39dr Amd zu39dr Firmware Amd zu3cg Amd zu3cg Firmware Amd zu3eg Amd zu3eg Firmware Amd zu3tcg Amd zu3tcg Firmware Amd zu3teg Amd zu3teg Firmware Amd zu42dr Amd zu42dr Firmware Amd zu43dr Amd zu43dr Firmware Amd zu46dr Amd zu46dr Firmware Amd zu47dr Amd zu47dr Firmware Amd zu48dr Amd zu48dr Firmware Amd zu49dr Amd zu49dr Firmware Amd zu4cg Amd zu4cg Firmware Amd zu4eg Amd zu4eg Firmware Amd zu4ev Amd zu4ev Firmware Amd zu5cg Amd zu5cg Firmware Amd zu5eg Amd zu5eg Firmware Amd zu5ev Amd zu5ev Firmware Amd zu63dr Amd zu63dr Firmware Amd zu64dr Amd zu64dr Firmware Amd zu65dr Amd zu65dr Firmware Amd zu67dr Amd zu67dr Firmware Amd zu6cg Amd zu6cg Firmware Amd zu6eg Amd zu6eg Firmware Amd zu7cg Amd zu7cg Firmware Amd zu7eg Amd zu7eg Firmware Amd zu7ev Amd zu7ev Firmware Amd zu9cg Amd zu9cg Firmware Amd zu9eg Amd zu9eg Firmware
CPEs	cpe:2.3:h:xilinx:zynq_ultrascale\+_mpsoc:-:::::::* cpe:2.3:h:xilinx:zynq_ultrascale\+_rfsoc:-:::::::* cpe:2.3:o:xilinx:zynq_ultrascale\+_mpsoc_firmware:-:::::::* cpe:2.3:o:xilinx:zynq_ultrascale\+_rfsoc_firmware:-:::::::*	cpe:2.3:h:amd:zu11eg:-:::::::* cpe:2.3:h:amd:zu15eg:-:::::::* cpe:2.3:h:amd:zu17eg:-:::::::* cpe:2.3:h:amd:zu19eg:-:::::::* cpe:2.3:h:amd:zu1cg:-:::::::* cpe:2.3:h:amd:zu1eg:-:::::::* cpe:2.3:h:amd:zu21dr:-:::::::* cpe:2.3:h:amd:zu25dr:-:::::::* cpe:2.3:h:amd:zu27dr:-:::::::* cpe:2.3:h:amd:zu28dr:-:::::::* cpe:2.3:h:amd:zu29dr:-:::::::* cpe:2.3:h:amd:zu2cg:-:::::::* cpe:2.3:h:amd:zu2eg:-:::::::* cpe:2.3:h:amd:zu39dr:-:::::::* cpe:2.3:h:amd:zu3cg:-:::::::* cpe:2.3:h:amd:zu3eg:-:::::::* cpe:2.3:h:amd:zu3tcg:-:::::::* cpe:2.3:h:amd:zu3teg:-:::::::* cpe:2.3:h:amd:zu42dr:-:::::::* cpe:2.3:h:amd:zu43dr:-:::::::* cpe:2.3:h:amd:zu46dr:-:::::::* cpe:2.3:h:amd:zu47dr:-:::::::* cpe:2.3:h:amd:zu48dr:-:::::::* cpe:2.3:h:amd:zu49dr:-:::::::* cpe:2.3:h:amd:zu4cg:-:::::::* cpe:2.3:h:amd:zu4eg:-:::::::* cpe:2.3:h:amd:zu4ev:-:::::::* cpe:2.3:h:amd:zu5cg:-:::::::* cpe:2.3:h:amd:zu5eg:-:::::::* cpe:2.3:h:amd:zu5ev:-:::::::* cpe:2.3:h:amd:zu63dr:-:::::::* cpe:2.3:h:amd:zu64dr:-:::::::* cpe:2.3:h:amd:zu65dr:-:::::::* cpe:2.3:h:amd:zu67dr:-:::::::* cpe:2.3:h:amd:zu6cg:-:::::::* cpe:2.3:h:amd:zu6eg:-:::::::* cpe:2.3:h:amd:zu7cg:-:::::::* cpe:2.3:h:amd:zu7eg:-:::::::* cpe:2.3:h:amd:zu7ev:-:::::::* cpe:2.3:h:amd:zu9cg:-:::::::* cpe:2.3:h:amd:zu9eg:-:::::::* cpe:2.3:o:amd:zu11eg_firmware:-:::::::* cpe:2.3:o:amd:zu15eg_firmware:-:::::::* cpe:2.3:o:amd:zu17eg_firmware:-:::::::* cpe:2.3:o:amd:zu19eg_firmware:-:::::::* cpe:2.3:o:amd:zu1cg_firmware:-:::::::* cpe:2.3:o:amd:zu1eg_firmware:-:::::::* cpe:2.3:o:amd:zu21dr_firmware:-:::::::* cpe:2.3:o:amd:zu25dr_firmware:-:::::::* cpe:2.3:o:amd:zu27dr_firmware:-:::::::* cpe:2.3:o:amd:zu28dr_firmware:-:::::::* cpe:2.3:o:amd:zu29dr_firmware:-:::::::* cpe:2.3:o:amd:zu2cg_firmware:-:::::::* cpe:2.3:o:amd:zu2eg_firmware:-:::::::* cpe:2.3:o:amd:zu39dr_firmware:-:::::::* cpe:2.3:o:amd:zu3cg_firmware:-:::::::* cpe:2.3:o:amd:zu3eg_firmware:-:::::::* cpe:2.3:o:amd:zu3tcg_firmware:-:::::::* cpe:2.3:o:amd:zu3teg_firmware:-:::::::* cpe:2.3:o:amd:zu42dr_firmware:-:::::::* cpe:2.3:o:amd:zu43dr_firmware:-:::::::* cpe:2.3:o:amd:zu46dr_firmware:-:::::::* cpe:2.3:o:amd:zu47dr_firmware:-:::::::* cpe:2.3:o:amd:zu48dr_firmware:-:::::::* cpe:2.3:o:amd:zu49dr_firmware:-:::::::* cpe:2.3:o:amd:zu4cg_firmware:-:::::::* cpe:2.3:o:amd:zu4eg_firmware:-:::::::* cpe:2.3:o:amd:zu4ev_firmware:-:::::::* cpe:2.3:o:amd:zu5cg_firmware:-:::::::* cpe:2.3:o:amd:zu5eg_firmware:-:::::::* cpe:2.3:o:amd:zu5ev_firmware:-:::::::* cpe:2.3:o:amd:zu63dr_firmware:-:::::::* cpe:2.3:o:amd:zu64dr_firmware:-:::::::* cpe:2.3:o:amd:zu65dr_firmware:-:::::::* cpe:2.3:o:amd:zu67dr_firmware:-:::::::* cpe:2.3:o:amd:zu6cg_firmware:-:::::::* cpe:2.3:o:amd:zu6eg_firmware:-:::::::* cpe:2.3:o:amd:zu7cg_firmware:-:::::::* cpe:2.3:o:amd:zu7eg_firmware:-:::::::* cpe:2.3:o:amd:zu7ev_firmware:-:::::::* cpe:2.3:o:amd:zu9cg_firmware:-:::::::* cpe:2.3:o:amd:zu9eg_firmware:-:::::::*
Vendors & Products	Xilinx Xilinx zynq Ultrascale\+ Mpsoc Xilinx zynq Ultrascale\+ Mpsoc Firmware Xilinx zynq Ultrascale\+ Rfsoc Xilinx zynq Ultrascale\+ Rfsoc Firmware	Amd Amd zu11eg Amd zu11eg Firmware Amd zu15eg Amd zu15eg Firmware Amd zu17eg Amd zu17eg Firmware Amd zu19eg Amd zu19eg Firmware Amd zu1cg Amd zu1cg Firmware Amd zu1eg Amd zu1eg Firmware Amd zu21dr Amd zu21dr Firmware Amd zu25dr Amd zu25dr Firmware Amd zu27dr Amd zu27dr Firmware Amd zu28dr Amd zu28dr Firmware Amd zu29dr Amd zu29dr Firmware Amd zu2cg Amd zu2cg Firmware Amd zu2eg Amd zu2eg Firmware Amd zu39dr Amd zu39dr Firmware Amd zu3cg Amd zu3cg Firmware Amd zu3eg Amd zu3eg Firmware Amd zu3tcg Amd zu3tcg Firmware Amd zu3teg Amd zu3teg Firmware Amd zu42dr Amd zu42dr Firmware Amd zu43dr Amd zu43dr Firmware Amd zu46dr Amd zu46dr Firmware Amd zu47dr Amd zu47dr Firmware Amd zu48dr Amd zu48dr Firmware Amd zu49dr Amd zu49dr Firmware Amd zu4cg Amd zu4cg Firmware Amd zu4eg Amd zu4eg Firmware Amd zu4ev Amd zu4ev Firmware Amd zu5cg Amd zu5cg Firmware Amd zu5eg Amd zu5eg Firmware Amd zu5ev Amd zu5ev Firmware Amd zu63dr Amd zu63dr Firmware Amd zu64dr Amd zu64dr Firmware Amd zu65dr Amd zu65dr Firmware Amd zu67dr Amd zu67dr Firmware Amd zu6cg Amd zu6cg Firmware Amd zu6eg Amd zu6eg Firmware Amd zu7cg Amd zu7cg Firmware Amd zu7eg Amd zu7eg Firmware Amd zu7ev Amd zu7ev Firmware Amd zu9cg Amd zu9cg Firmware Amd zu9eg Amd zu9eg Firmware

Subscriptions

Amd Zu11eg Zu11eg Firmware Zu15eg Zu15eg Firmware Zu17eg Zu17eg Firmware Zu19eg Zu19eg Firmware Zu1cg Zu1cg Firmware Zu1eg Zu1eg Firmware Zu21dr Zu21dr Firmware Zu25dr Zu25dr Firmware Zu27dr Zu27dr Firmware Zu28dr Zu28dr Firmware Zu29dr Zu29dr Firmware Zu2cg Zu2cg Firmware Zu2eg Zu2eg Firmware Zu39dr Zu39dr Firmware Zu3cg Zu3cg Firmware Zu3eg Zu3eg Firmware Zu3tcg Zu3tcg Firmware Zu3teg Zu3teg Firmware Zu42dr Zu42dr Firmware Zu43dr Zu43dr Firmware Zu46dr Zu46dr Firmware Zu47dr Zu47dr Firmware Zu48dr Zu48dr Firmware Zu49dr Zu49dr Firmware Zu4cg Zu4cg Firmware Zu4eg Zu4eg Firmware Zu4ev Zu4ev Firmware Zu5cg Zu5cg Firmware Zu5eg Zu5eg Firmware Zu5ev Zu5ev Firmware Zu63dr Zu63dr Firmware Zu64dr Zu64dr Firmware Zu65dr Zu65dr Firmware Zu67dr Zu67dr Firmware Zu6cg Zu6cg Firmware Zu6eg Zu6eg Firmware Zu7cg Zu7cg Firmware Zu7eg Zu7eg Firmware Zu7ev Zu7ev Firmware Zu9cg Zu9cg Firmware Zu9eg Zu9eg Firmware

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2019-09-03T19:17:35.000Z

Updated: 2024-08-04T19:54:53.489Z

Reserved: 2019-01-04T00:00:00.000Z

Link: CVE-2019-5478

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-09-03T20:15:11.530

Modified: 2024-11-27T16:10:16.277

Link: CVE-2019-5478

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object