CVE-2022-23822 - OpenCVE

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xilinx	Zynq-7000 Zynq-7000 Firmware Zynq-7000s Zynq-7000s Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xilinx:zynq-7000s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:xilinx:zynq-7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl
https://support.xilinx.com/s/article/76974

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2022-04-27T16:06:05.276121Z

Updated: 2024-09-16T22:25:01.331Z

Reserved: 2022-01-21T00:00:00

Link: CVE-2022-23822

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-27T17:15:07.517

Modified: 2022-05-09T16:33:38.843

Link: CVE-2022-23822

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Zynq-7000 SoC FSBL"], "product": "Zynq-7000 SoC FSBL", "vendor": "AMD-Xilinx", "versions": [{"lessThanOrEqual": "2022.1", "status": "affected", "version": "2021.2", "versionType": "custom"}]}], "datePublic": "2022-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-27T16:06:05", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.xilinx.com/s/article/76974"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-04-26T15:00:00.000Z", "ID": "CVE-2022-23822", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zynq-7000 SoC FSBL", "version": {"version_data": [{"platform": "Zynq-7000 SoC FSBL", "version_affected": "<=", "version_name": "2021.2", "version_value": "2022.1"}]}}]}, "vendor_name": "AMD-Xilinx"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://support.xilinx.com/s/article/76974", "refsource": "MISC", "url": "https://support.xilinx.com/s/article/76974"}, {"name": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl", "refsource": "MISC", "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:46.057Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.xilinx.com/s/article/76974"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}]}]}, "cveMetadata": {"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2022-23822", "datePublished": "2022-04-27T16:06:05.276121Z", "dateReserved": "2022-01-21T00:00:00", "dateUpdated": "2024-09-16T22:25:01.331Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D610CBD4-00AC-4470-8E66-5B73AC4D3E3A", "versionEndExcluding": "2022.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B820E50-D48F-47C1-BC7F-2823E4948674", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A7A35D1-17A0-49DD-9D7F-E4ACA5C57BAE", "versionEndExcluding": "2022.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "A733B279-FD2C-4F20-B220-4D42CD82AB35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue."}, {"lang": "es", "value": "En este ataque f\u00edsico, un atacante puede explotar el cargador de arranque de primera etapa (FSBL) del SoC Zynq-7000 evitando la autenticaci\u00f3n y cargando una imagen maliciosa en el dispositivo. Esto, a su vez, puede permitir al atacante llevar a cabo otros ataques, como por ejemplo usar el dispositivo como or\u00e1culo de descifrado. Una mitigaci\u00f3n anticipada por medio de un parche 2022.1 resolver\u00e1 el problema"}], "id": "CVE-2022-23822", "lastModified": "2022-05-09T16:33:38.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-27T17:15:07.517", "references": [{"source": "psirt@amd.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl"}, {"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://support.xilinx.com/s/article/76974"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "psirt@amd.com", "type": "Secondary"}]}