When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.
References
Link | Resource |
---|---|
http://www.onfi.org/specifications | Not Applicable |
https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html | Product Vendor Advisory |
https://www.xilinx.com/support/answers/76201.html | Vendor Advisory |
Configurations
History
24 Mar 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful. |
18 Mar 2021, 18:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.8 |
CWE | CWE-120 | |
CPE | cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:* cpe:2.3:o:xilinx:zynq-7000s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:xilinx:zynq-7000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.xilinx.com/support/answers/76201.html - Vendor Advisory | |
References | (MISC) https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html - Product, Vendor Advisory | |
References | (MISC) http://www.onfi.org/specifications - Not Applicable |
15 Mar 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
15 Mar 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-15 13:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27208
Mitre link : CVE-2021-27208
CVE.ORG link : CVE-2021-27208
JSON object : View
Products Affected
xilinx
- zynq-7000s
- zynq-7000s_firmware
- zynq-7000
- zynq-7000_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')