- Security researchers have found an unpatchable security flaw in the popular Xilinx (NASDAQ:XLNX) Zynq UltraScale+ system-on-chip boards, which are used across a wide range of industries, including automotive, aviation, consumer electronics, and military applications.
- F-Secure's hardware team, Inverse Path, found that the Encrypt Only secure boot mode contains two security flaws and doesn't encrypt boot image metadata, leaving the data vulnerable.
- One flaw can't be fixed with a software update and will instead require a new silicon revision. Xilinx hasn't patched the other flaw because the unpatchable problem could let a hacker bypass the fix.
- Xilinx statement: "For systems that must use the Encrypt Only boot mode, customers are advised to consider system level protections that take into account DPA, unauthenticated boot, and partition header attack vectors."
- Read the full technical report on GitHub.
- Xilinx shares are down 1.7% to $105.08.