CVE-2019-5478

MEDIUM | CVSS 5.5/10 | EPSS 0.25%

CVE-2019-5478 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.25%

16.1th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Amd | Zu11eg Firmware | All versions
Amd | Zu15eg Firmware | All versions
Amd | Zu17eg Firmware | All versions
Amd | Zu19eg Firmware | All versions
Amd | Zu1cg Firmware | All versions
Amd | Zu1eg Firmware | All versions
Amd | Zu21dr Firmware | All versions
Amd | Zu25dr Firmware | All versions
Amd | Zu27dr Firmware | All versions
Amd | Zu28dr Firmware | All versions
Amd | Zu29dr Firmware | All versions
Amd | Zu2cg Firmware | All versions
Amd | Zu2eg Firmware | All versions
Amd | Zu39dr Firmware | All versions
Amd | Zu3cg Firmware | All versions
Amd | Zu3eg Firmware | All versions
Amd | Zu3tcg Firmware | All versions
Amd | Zu3teg Firmware | All versions
Amd | Zu42dr Firmware | All versions
Amd | Zu43dr Firmware | All versions
Amd | Zu46dr Firmware | All versions
Amd | Zu47dr Firmware | All versions
Amd | Zu48dr Firmware | All versions
Amd | Zu49dr Firmware | All versions
Amd | Zu4cg Firmware | All versions
Amd | Zu4eg Firmware | All versions
Amd | Zu4ev Firmware | All versions
Amd | Zu5cg Firmware | All versions
Amd | Zu5eg Firmware | All versions
Amd | Zu5ev Firmware | All versions
Amd | Zu63dr Firmware | All versions
Amd | Zu64dr Firmware | All versions
Amd | Zu65dr Firmware | All versions
Amd | Zu67dr Firmware | All versions
Amd | Zu6cg Firmware | All versions
Amd | Zu6eg Firmware | All versions
Amd | Zu7cg Firmware | All versions
Amd | Zu7eg Firmware | All versions
Amd | Zu7ev Firmware | All versions
Amd | Zu9cg Firmware | All versions
Amd | Zu9eg Firmware | All versions

References

Timeline

Published
Last Modified
Status: Analyzed

Frequently Asked Questions

What is CVE-2019-5478?
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
How severe is CVE-2019-5478?
CVE-2019-5478 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2019-5478?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST