CVE-2019-5478
First published: Tue Sep 03 2019(Updated: )
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xilinx Zynq Ultrascale+ Mpsoc Firmware | ||
| Xilinx Zynq Ultrascale+ Mpsoc | ||
| Xilinx Zynq Ultrascale+ Rfsoc Firmware | ||
| Xilinx Zynq Ultrascale+ Rfsoc | ||
| All of | ||
| Amd Zu11eg Firmware | ||
| AMD ZU11EG | ||
| All of | ||
| Amd Zu15eg Firmware | ||
| Amd Zu15eg | ||
| All of | ||
| Amd Zu17eg Firmware | ||
| Amd Zu17eg Firmware | ||
| All of | ||
| Amd Zu19eg Firmware | ||
| Amd Zu19eg Firmware | ||
| All of | ||
| AMD Zu1CG Firmware | ||
| AMD Zu1CG Firmware | ||
| All of | ||
| AMD ZU1EG Firmware | ||
| AMD ZU1EG Firmware | ||
| All of | ||
| Amd Zu21dr Firmware | ||
| Amd Zu21dr | ||
| All of | ||
| Amd Zu25dr Firmware | ||
| Amd Zu25dr Firmware | ||
| All of | ||
| Amd Zu27dr Firmware | ||
| Amd Zu27dr Firmware | ||
| All of | ||
| Amd Zu28dr Firmware | ||
| Amd Zu28dr Firmware | ||
| All of | ||
| Amd Zu29dr Firmware | ||
| Amd Zu29dr Firmware | ||
| All of | ||
| AMD ZU2CG Firmware | ||
| Amd Zu2cg Firmware | ||
| All of | ||
| Amd Zu2eg Firmware | ||
| Amd Zu2eg | ||
| All of | ||
| Amd Zu39dr | ||
| Amd Zu39dr Firmware | ||
| All of | ||
| Amd Zu3cg | ||
| Amd Zu3cg | ||
| All of | ||
| Amd Zu3eg Firmware | ||
| Amd Zu3eg Firmware | ||
| All of | ||
| Amd Zu3tcg | ||
| Amd Zu3tcg Firmware | ||
| All of | ||
| Amd Zu3teg | ||
| Amd Zu3teg Firmware | ||
| All of | ||
| Amd Zu42dr Firmware | ||
| Amd Zu42dr Firmware | ||
| All of | ||
| Amd Zu43dr Firmware | ||
| Amd Zu43dr Firmware | ||
| All of | ||
| Amd Zu46dr Firmware | ||
| Amd Zu46dr Firmware | ||
| All of | ||
| Amd Zu47dr Firmware | ||
| Amd Zu47dr | ||
| All of | ||
| Amd Zu48dr Firmware | ||
| Amd Zu48dr | ||
| All of | ||
| Amd Zu49dr Firmware | ||
| Amd Zu49dr Firmware | ||
| All of | ||
| Amd Zu4cg | ||
| AMD ZU4CG | ||
| All of | ||
| Amd Zu4eg | ||
| Amd Zu4eg | ||
| All of | ||
| Amd Zu4ev | ||
| Amd Zu4ev | ||
| All of | ||
| AMD ZU5CG Firmware | ||
| Amd Zu5cg Firmware | ||
| All of | ||
| Amd Zu5eg | ||
| Amd Zu5eg | ||
| All of | ||
| Amd Zu5ev Firmware | ||
| Amd Zu5ev Firmware | ||
| All of | ||
| Amd Zu63dr Firmware | ||
| Amd Zu63dr Firmware | ||
| All of | ||
| Amd Zu64dr Firmware | ||
| Amd Zu64dr | ||
| All of | ||
| Amd Zu65dr Firmware | ||
| Amd Zu65dr | ||
| All of | ||
| Amd Zu67dr Firmware | ||
| Amd Zu67dr Firmware | ||
| All of | ||
| AMD ZU6CG | ||
| Amd Zu6cg Firmware | ||
| All of | ||
| Amd Zu6eg | ||
| Amd Zu6eg Firmware | ||
| All of | ||
| AMD ZU7CG | ||
| Amd Zu7cg Firmware | ||
| All of | ||
| Amd Zu7eg | ||
| Amd Zu7eg Firmware | ||
| All of | ||
| Amd Zu7ev | ||
| Amd Zu7ev Firmware | ||
| All of | ||
| Amd Zu9cg Firmware | ||
| Amd Zu9cg Firmware | ||
| All of | ||
| Amd Zu9eg | ||
| Amd Zu9eg Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-5478?
CVE-2019-5478 has been assessed as having a medium severity level due to its potential impact on secure boot functionality.
How do I fix CVE-2019-5478?
To mitigate CVE-2019-5478, ensure you update to the latest firmware provided by Xilinx for Zynq UltraScale+ devices.
What devices are affected by CVE-2019-5478?
CVE-2019-5478 affects Xilinx Zynq UltraScale+ and Zynq UltraScale+ RFSoC devices in Encrypt Only boot mode.
What risks does CVE-2019-5478 pose to my system?
CVE-2019-5478 may allow an adversary to manipulate boot control fields, leading to improper secure boot behavior.
Can CVE-2019-5478 be exploited remotely?
CVE-2019-5478 is not specifically a remote vulnerability, but it can be exploited by physical access to the affected devices.
- agent/references
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/xilinx
- canonical/xilinx zynq ultrascale+ mpsoc firmware
- canonical/xilinx zynq ultrascale+ mpsoc
- canonical/xilinx zynq ultrascale+ rfsoc firmware
- canonical/xilinx zynq ultrascale+ rfsoc
- vendor/amd
- canonical/amd zu11eg firmware
- canonical/amd zu11eg
- canonical/amd zu15eg firmware
- canonical/amd zu15eg
- canonical/amd zu17eg firmware
- canonical/amd zu19eg firmware
- canonical/amd zu1cg firmware
- canonical/amd zu1eg firmware
- canonical/amd zu21dr firmware
- canonical/amd zu21dr
- canonical/amd zu25dr firmware
- canonical/amd zu27dr firmware
- canonical/amd zu28dr firmware
- canonical/amd zu29dr firmware
- canonical/amd zu2cg firmware
- canonical/amd zu2eg firmware
- canonical/amd zu2eg
- canonical/amd zu39dr
- canonical/amd zu39dr firmware
- canonical/amd zu3cg
- canonical/amd zu3eg firmware
- canonical/amd zu3tcg
- canonical/amd zu3tcg firmware
- canonical/amd zu3teg
- canonical/amd zu3teg firmware
- canonical/amd zu42dr firmware
- canonical/amd zu43dr firmware
- canonical/amd zu46dr firmware
- canonical/amd zu47dr firmware
- canonical/amd zu47dr
- canonical/amd zu48dr firmware
- canonical/amd zu48dr
- canonical/amd zu49dr firmware
- canonical/amd zu4cg
- canonical/amd zu4eg
- canonical/amd zu4ev
- canonical/amd zu5cg firmware
- canonical/amd zu5eg
- canonical/amd zu5ev firmware
- canonical/amd zu63dr firmware
- canonical/amd zu64dr firmware
- canonical/amd zu64dr
- canonical/amd zu65dr firmware
- canonical/amd zu65dr
- canonical/amd zu67dr firmware
- canonical/amd zu6cg
- canonical/amd zu6cg firmware
- canonical/amd zu6eg
- canonical/amd zu6eg firmware
- canonical/amd zu7cg
- canonical/amd zu7cg firmware
- canonical/amd zu7eg
- canonical/amd zu7eg firmware
- canonical/amd zu7ev
- canonical/amd zu7ev firmware
- canonical/amd zu9cg firmware
- canonical/amd zu9eg
- canonical/amd zu9eg firmware