CVE Vulnerability

CVE-2021-27208

When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html Product Vendor Advisory
https://www.xilinx.com/support/answers/76201.html Vendor Advisory
http://www.onfi.org/specifications Not Applicable
Configurations

Configuration 1
Information

Published : 2021-03-15 01:15

Updated : 2021-03-30 12:52

NVD link : CVE-2021-27208

Mitre link : CVE-2021-27208

Products Affected
No products.
CWE
CWE-120