Vulnerabilities > CVE-2022-23822 - Incorrect Authorization vulnerability in Xilinx Zynq-7000 Firmware and Zynq-7000S Firmware

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

xilinx

CWE-863

NVD

Published: 2022-04-27

Updated: 2022-05-09

Summary

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.

Vulnerable Configurations

Part	Description	Count
OS	Xilinx Xilinx Zynq 7000S Firmware - Xilinx Zynq 7000 Firmware -	2
Hardware	Xilinx Xilinx Zynq 7000S - Xilinx Zynq 7000 -	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_apps/zynq_fsbl
https://support.xilinx.com/s/article/76974