Improper Access Control for Volatile Memory Containing Boot Code

CVE-2022-2482

High

8.8/10

Summary

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

References

Advisory Timeline

Published Jan 06, 2023

Improper Access Control for Volatile Memory Containing Boot Code

CVE-2022-2482

Summary

CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS