Vulnerabilities > CVE-2022-23822 - Incorrect Authorization vulnerability in Xilinx Zynq-7000 Firmware and Zynq-7000S Firmware
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Hardware | 2 |