Vulnerability Description
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could allow an adversary to modify the control fields of the boot image, leading to incorrect secure boot behavior.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AMD | ZU11EG Firmware | - |
| AMD | ZU11EG | - |
| AMD | ZU15EG Firmware | - |
| AMD | ZU15EG | - |
| AMD | ZU17EG Firmware | - |
| AMD | ZU17EG | - |
| AMD | ZU19EG Firmware | - |
| AMD | ZU19EG | - |
| AMD | ZU1CG Firmware | - |
| AMD | ZU1CG | - |
| AMD | ZU1EG Firmware | - |
| AMD | ZU1EG | - |
| AMD | ZU21DR Firmware | - |
| AMD | ZU21DR | - |
| AMD | ZU25DR Firmware | - |
| AMD | ZU25DR | - |
| AMD | ZU27DR Firmware | - |
| AMD | ZU27DR | - |
| AMD | ZU28DR Firmware | - |
| AMD | ZU28DR | - |
References
- https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC- (Third Party Advisory)
- https://www.xilinx.com/support/answers/72588.html (Vendor Advisory)
FAQ
What is CVE-2019-5478?
CVE-2019-5478 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boo...
How severe is CVE-2019-5478?
CVE-2019-5478 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-5478?
Check the references section above for vendor advisories and patch information. Affected products include: AMD ZU11EG Firmware, AMD ZU11EG, AMD ZU15EG Firmware, AMD ZU15EG, AMD ZU17EG Firmware.