CVE-2021-27208

{"id": "CVE-2021-27208", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2021-03-15T13:15:14.967", "references": [{"url": "http://www.onfi.org/specifications", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.xilinx.com/support/answers/76201.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."}, {"lang": "es", "value": "Cuando se arranca un dispositivo Zync-7000 SOC desde la memoria flash nand, el controlador nand en la ROM no comprueba las entradas cuando se leen en par\u00e1metros any en la p\u00e1gina de par\u00e1metros nand. SI un campo le\u00eddo desde la p\u00e1gina de par\u00e1metros es demasiado grande, esto causa un desbordamiento del b\u00fafer que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria. Es necesario un acceso f\u00edsico y modificaci\u00f3n al dispositivo Zynq-7000 para reemplazar la memoria flash nand original con un emulador flash nand para que este ataque tenga \u00e9xito"}], "lastModified": "2021-03-30T12:52:36.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59B1D2D0-34CB-4BAA-982C-FFEBCA5C7A76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B820E50-D48F-47C1-BC7F-2823E4948674"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74141029-1B75-4D78-B1AE-9FCB0BA8498B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A733B279-FD2C-4F20-B220-4D42CD82AB35"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}