Strix
26.1K

CVE-2021-44850

MEDIUMCVSS 6.8/10EPSS 0.18%

Last modified

CVE-2021-44850 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM.

Metrics

CVSS 3.1
6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.18%

8.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AmdXilinx Z-7012s FirmwareAll versions
AmdXilinx Z-7014s FirmwareAll versions
AmdXilinx Z-7010 FirmwareAll versions
AmdXilinx Z-7015 FirmwareAll versions
AmdXilinx Z-7020 FirmwareAll versions
AmdXilinx Z-7030 FirmwareAll versions
AmdXilinx Z-7035 FirmwareAll versions
AmdXilinx Z-7045 FirmwareAll versions
AmdXilinx Z-7100 FirmwareAll versions
AmdXilinx Z-7007s FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-44850?
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM.
How severe is CVE-2021-44850?
CVE-2021-44850 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.
How do I fix CVE-2021-44850?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-44850?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST