{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-23005", "assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "assignerShortName": "WDC PSIRT", "dateUpdated": "2024-08-03T03:28:42.818Z", "dateReserved": "2022-01-10T00:00:00", "datePublished": "2023-01-23T00:00:00"}, "containers": {"cna": {"title": "Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature", "providerMetadata": {"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT", "dateUpdated": "2023-01-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers."}], "affected": [{"vendor": "NA", "product": "NA", "versions": [{"version": "NA", "status": "affected"}]}], "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-23001-host-boot-rom-code-vulnerability-in-systems-implementing-ufs-boot-feature"}, {"url": "https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-host-boot-rom-code-vulnerability-and-mitigation.pdf"}], "credits": [{"lang": "en", "value": "Rotem Sela and Avri Altman of Western Digital"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-1224 Improper Restriction of Write-Once Bit FieldsCWE-1224 Improper Restriction of Write-Once Bit Fields", "cweId": "CWE-1224"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection", "cweId": "CWE-1233"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-1262 Improper Access Control for Register Interface", "cweId": "CWE-1262"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.818Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-23001-host-boot-rom-code-vulnerability-in-systems-implementing-ufs-boot-feature", "tags": ["x_transferred"]}, {"url": "https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-host-boot-rom-code-vulnerability-and-mitigation.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jedec:universal_flash_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9714261-0668-43D3-A2F7-F71BF0558EFF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:inand_eu311_mobile_mc_ufs:-:*:*:*:*:*:*:*", "matchCriteriaId": "64574B53-418D-48B8-A8C0-7ACBCDB376ED", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:inand_eu312_automotive_xa_at_ufs:-:*:*:*:*:*:*:*", "matchCriteriaId": "6732465D-2CBD-40A6-8920-DB2FFB1C33AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:inand_eu312_industrial_ix_ufs:-:*:*:*:*:*:*:*", "matchCriteriaId": "8212BC6C-2A6B-4DA7-BD1F-34D538F502B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers."}, {"lang": "es", "value": "Western Digital ha identificado una debilidad en el est\u00e1ndar UFS que podr\u00eda resultar en una vulnerabilidad de seguridad. Esta vulnerabilidad puede existir en algunos sistemas donde el c\u00f3digo ROM de inicio del host implementa la funci\u00f3n de inicio UFS para iniciar desde dispositivos de almacenamiento compatibles con UFS. La funci\u00f3n de arranque UFS, como se especifica en el est\u00e1ndar UFS, la proporcionan los dispositivos UFS para admitir plataformas que necesitan descargar el cargador de arranque del sistema desde ubicaciones de almacenamiento externas no vol\u00e1tiles. Se han identificado varios escenarios en los que los adversarios pueden desactivar la capacidad de arranque o volver a un c\u00f3digo de cargador de arranque antiguo, si el c\u00f3digo ROM de arranque del host se implementa incorrectamente. Los implementadores de UFS Host Boot ROM pueden verse afectados por esta vulnerabilidad. Los dispositivos UFS solo se ven afectados cuando est\u00e1n conectados a un host UFS vulnerable y esta vulnerabilidad no los afecta de forma independiente. Cuando est\u00e1 presente, la vulnerabilidad est\u00e1 en la implementaci\u00f3n del host UFS y no es una vulnerabilidad en los dispositivos UFS de Western Digital. Western Digital ha proporcionado detalles de la vulnerabilidad al organismo de est\u00e1ndares JEDEC, a m\u00faltiples proveedores de procesadores host y proveedores de soluciones de software."}], "id": "CVE-2022-23005", "lastModified": "2024-11-21T06:47:47.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "psirt@wdc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-23T22:15:10.997", "references": [{"source": "psirt@wdc.com", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-host-boot-rom-code-vulnerability-and-mitigation.pdf"}, {"source": "psirt@wdc.com", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-23001-host-boot-rom-code-vulnerability-in-systems-implementing-ufs-boot-feature"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-host-boot-rom-code-vulnerability-and-mitigation.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-23001-host-boot-rom-code-vulnerability-in-systems-implementing-ufs-boot-feature"}], "sourceIdentifier": "psirt@wdc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1224"}, {"lang": "en", "value": "CWE-1233"}, {"lang": "en", "value": "CWE-1262"}], "source": "psirt@wdc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-662"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}