Vulnerability Description
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gumstix | Overo SBC | <= 2022-08-09 |
Related Weaknesses (CWE)
References
- https://github.com/subreption/birdwatch-report-1-repo (Third Party Advisory)
- https://subreption.com/downloads/reports/demystifying-the-orlan-10_opt.pdf (Technical Description, Third Party Advisory)
- https://subreption.com/press-releases/2022-birdwatch-first-report/ (Third Party Advisory)
FAQ
What is CVE-2022-38161?
CVE-2022-38161 is a vulnerability with a CVSS score of 7.5 (HIGH). The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.
How severe is CVE-2022-38161?
CVE-2022-38161 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-38161?
Check the references section above for vendor advisories and patch information. Affected products include: Gumstix Overo SBC.