不恰当的同步机制
CVE编号
CVE-2022-23005利用情况
暂无补丁情况
N/A披露时间
2023-01-24漏洞描述
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/pub... | |
| https://www.westerndigital.com/support/product-security/wdc-23001-host-boot-r... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | jedec | universal_flash_storage | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | westerndigital | inand_eu311_mobile_mc_ufs | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | westerndigital | inand_eu312_automotive_xa_at_ufs | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | westerndigital | inand_eu312_industrial_ix_ufs | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 高
- 影响范围 已更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-662 | 不恰当的同步机制 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论