CVE-2021-27208 - Vulnerability Details - OpenCVE

When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xilinx	Zynq-7000 Zynq-7000 Firmware Zynq-7000s Zynq-7000s Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xilinx:zynq-7000s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:xilinx:zynq-7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.onfi.org/specifications
https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html
https://www.xilinx.com/support/answers/76201.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-15T12:27:26

Updated: 2024-08-03T20:40:47.492Z

Reserved: 2021-02-12T00:00:00

Link: CVE-2021-27208

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-15T13:15:14.967

Modified: 2024-11-21T05:57:34.830

Link: CVE-2021-27208

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-24T15:47:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.xilinx.com/support/answers/76201.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.onfi.org/specifications"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27208", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html", "refsource": "MISC", "url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"}, {"name": "https://www.xilinx.com/support/answers/76201.html", "refsource": "MISC", "url": "https://www.xilinx.com/support/answers/76201.html"}, {"name": "http://www.onfi.org/specifications", "refsource": "MISC", "url": "http://www.onfi.org/specifications"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:40:47.492Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.xilinx.com/support/answers/76201.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.onfi.org/specifications"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27208", "datePublished": "2021-03-15T12:27:26", "dateReserved": "2021-02-12T00:00:00", "dateUpdated": "2024-08-03T20:40:47.492Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B1D2D0-34CB-4BAA-982C-FFEBCA5C7A76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B820E50-D48F-47C1-BC7F-2823E4948674", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq-7000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "74141029-1B75-4D78-B1AE-9FCB0BA8498B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq-7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "A733B279-FD2C-4F20-B220-4D42CD82AB35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful."}, {"lang": "es", "value": "Cuando se arranca un dispositivo Zync-7000 SOC desde la memoria flash nand, el controlador nand en la ROM no comprueba las entradas cuando se leen en par\u00e1metros any en la p\u00e1gina de par\u00e1metros nand. SI un campo le\u00eddo desde la p\u00e1gina de par\u00e1metros es demasiado grande, esto causa un desbordamiento del b\u00fafer que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria. Es necesario un acceso f\u00edsico y modificaci\u00f3n al dispositivo Zynq-7000 para reemplazar la memoria flash nand original con un emulador flash nand para que este ataque tenga \u00e9xito"}], "id": "CVE-2021-27208", "lastModified": "2024-11-21T05:57:34.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-15T13:15:14.967", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://www.onfi.org/specifications"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.xilinx.com/support/answers/76201.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.onfi.org/specifications"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.xilinx.com/support/answers/76201.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}