CVE Vulnerability

CVE-2022-38161

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://subreption.com/press-releases/2022-birdwatch-first-report/ Third Party Advisory
https://subreption.com/downloads/reports/demystifying-the-orlan-10_opt.pdf Technical Description Third Party Advisory
https://github.com/subreption/birdwatch-report-1-repo Third Party Advisory
Configurations

Configuration 1

cpe:2.3:h:gumstix:overo_sbc:*:*:*:*:*:*:*:*
Information

Published : 2022-08-11 02:15

Updated : 2022-09-15 05:08

NVD link : CVE-2022-38161

Mitre link : CVE-2022-38161

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer