Vulnerability Details : CVE-2021-44850
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified in a way that causes a buffer overflow in the ROM.
Vulnerability category: Overflow
Products affected by CVE-2021-44850
- cpe:2.3:o:amd:xilinx_z-7012s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7014s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7010_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7015_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7020_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7030_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7035_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7045_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:xilinx_z-7007s_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-44850
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~28% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-44850
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | NIST | |
CWE ids for CVE-2021-44850
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-44850
- https://support.xilinx.com/s/article/76964 (Vendor Advisory)
- https://support.xilinx.com/s/article/47915 : 47915 - Design Advisory Master Answer Record for Zynq-7000 SoC Devices (Vendor Advisory)