Headline
CVE-2022-23822: embeddedsw/lib/sw_apps/zynq_fsbl at master · Xilinx/embeddedsw
In this physical attack, an attacker may exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may allow the attacker to perform additional attacks, such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
Latest commit
This patch fixes the secure vulnerability of partition header (PH) authentication. In existing code the actual buffer used and authenticated are different; this patch fixes the issue by considering the actual used buffer of partition header while calculating the SHA2 digest.
Signed-off-by: VNSL Durga Challa [email protected]
Acked-by: Mohan Marutirao Dhanawade [email protected]
83465c9