CVE-2021-44850

Published: Feb 10, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.xilinx.com/s/article/47915

x_refsource_CONFIRM

https://support.xilinx.com/s/article/76964

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-44850

Description

Affected Products

References