WDC-23001 Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature | WD

WDC-23001 Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature | WD

WD Hosted Innovation Day 2026 in New York City. Details

.

WD Hosted Innovation Day 2026 in New York City. Details

for Business

for Business   Products By Category Product Portfolio Internal HDDs External HDDs Data Center Storage Accessories By Use Storage Platforms Gaming HDDs Surveillance (CCTV) HDDs RAID HDDs Backups Network Attached Storage (NAS) By Capacity Over 50TB 21 - 50TB 11 - 20TB 5 - 10TB 1 - 4TB Less than 1TB Featured What's New Most Popular Promotions Limited-Time Offers Certified Refurbished Last Chance Shopping for business? Join our business program today to get tiered pricing, rewards for your purchases, and more exclusive benefits.

See All Benefits Sign Up Now

Tiered Pricing for Business Members
Get special rates on select products. New products added monthly.

See All Products with Tiered Pricing Solutions Learn & Compare Compare HDDs HDD vs. SSD Thunderbolt vs. USB-C Compare Color Drives NAS Solutions Data Security & Encryption Use Case Home Backups Gaming Creative Workflows RAID Storage Solutions Smart Video Surveillance (CCTV) Data Center Storage Industries Healthcare Education

Explore how our storage solutions support real-world use cases—from personal backups to enterprise infrastructure.

View All Solutions & Use Cases Support Help Topics Support Home Software Downloads Product Registration Warranty Services Data Recovery Services Order Status Order Status Returns & Replacements Product Security FAQs Contact Support Chat With Us Call Us Email Us

Need help from an expert?

Chat with our support team for help with orders, warranty questions, troubleshooting, or to connect with a representative.

Live Chat with Support

SanDisk Professional hard drives are now G-DRIVE. Support and Product Information are still available, just under a new name.

Company About Us Overview Innovation Our Locations Careers Investors Capital Corporate Responsibility Overview Environment People Supply Chain Ethics Philanthropy Data Privacy Sustainability News & Events Newsroom Press Releases Events Blog Posts Shopping for business? Join our business program today to get tiered pricing, rewards for your purchases, and more exclusive benefits.

See All Benefits Sign Up Now

Tiered Pricing for Business Members
Get special rates on select products. New products added monthly.

See All Products with Tiered Pricing Shopping for business? Join our business program today to get tiered pricing, rewards for your purchases, and more exclusive benefits.

See All Benefits Sign Up Now

Tiered Pricing for Business Members
Get special rates on select products. New products added monthly.

See All Products with Tiered Pricing ✕   Welcome, {{firstName}}! Accounts

Sign In or Create an Accounta Business Account

Sign In Sign In Create Account Create Account

My Shop Account

Overview Orders Returns Service Plans Payment Methods Address Book Personal Details Logout

My Business Account

Overview Orders Returns Easy Reorder Saved Carts Tax Exemption Western Digital Credit Pro Rewards Payment Methods Address Book Personal Details Logout

Other Accounts

Customer Support Business Portal ibi My Cloud   Sign In Buying for yourself or a business? For myself For a business Continue to Sign In ×

Enter a valid email address.

Email

Password field cannot be empty.

Password

By signing in, you agree to Western Digital's Privacy Statement and Terms of Use

Sign InForgot Password?  

Not a member yet?

Join Now Sign In for Business Resend Verification Email ×

Enter your account email address to receive an email to validate your account.

Enter a valid email address.

Email Address Resend Verification Email  

{{resendVerificationSuccessMsg}}

Okay Reset Password

Please update your password to login. Enter your email and click “Reset Password” to continue.

×

Enter a valid email address.

Email Address Reset Password

or Return to Log In.

    Your session timed out.

Log back into your account for special pricing and other benefits.

Sign In 0"> 0"> 0" aria-hidden="true">{{totalItems}} 99 ? 'text-xxxs' : 'text-xxs'" v-if="totalItems > 0" aria-hidden="true"> {{totalItems > 99 ? '99+' : totalItems}} {{promotion.info.title}} {{promotion.info.promoTitle}}

{{promotion.info.desc}}

{{promotion.info.promoDesc}}

{{promotion.info.offerText}}

{{promotion.info.disclosureTitle}} {{promotion.info.disclosureText}} Accept Promotion No Thanks {{promotion.info.promoTitle}}

{{promotion.info.desc}}

{{promotion.info.promoDesc}}

{{bogoItems.productInfo.variantTitle}}

{{promotion.info.offerText}} {{promotion.info.offerTextCtaLabel}}

{{promotion.info.disclosureTitle}} {{promotion.info.disclosureText}} Confirm No Thanks {{promotion.info.desc}}

{{promotion.info.promoDesc}}

{{bogoItems.productInfo.variantTitle}} Starting at {{productPriceObj[bogoItems.productId].prices.list.amountFormatted}} FREE Starting at {{productPriceObj[bogoItems.productId].prices.list.amountFormatted}} {{productPriceObj[bogoItems.productId].prices.list.amountFormatted}} {{productPriceObj[bogoItems.productId].prices.sale.amountFormatted}} 1"> Qty. {{bogoItems.qty}} Add to Cart No Thanks Your Cart ({{totalItems}} {{totalItems == 1 ? 'Item' : 'Items'}}) {{productInfo[mainSkuId].pageTitle}} {{productInfo[mainSkuId].sku}} Qty. {{mainSkuQuantity}}

{{productPriceObj[mainSkuId].prices.list.amountFormatted}}

{{productPriceObj[mainSkuId].prices.sale.amountFormatted}}

{{productPriceObj[mainSkuId].prices.sale.amountFormatted}}

0 ">

Upgrade Your Product

{{productInfo[item.code].variantTitle}} {{productPriceObj[item.code].prices.list.amountFormatted}} {{productPriceObj[item.code].prices.sale.amountFormatted}} {{productPriceObj[item.code].prices.sale.amountFormatted}} {{productPriceObj[item.code].prices.list.amountFormatted}} {{productPriceObj[item.code].prices.upsell.amountFormatted}} {{item.refDesc}} {{updatePromoMessage(item)}} Upgrade Remove 0 ">

You May Also Consider

{{productInfo[item.code].variantTitle}} {{productPriceObj[item.code].prices.list.amountFormatted}} {{productPriceObj[item.code].prices.sale.amountFormatted}} {{productPriceObj[item.code].prices.sale.amountFormatted}} {{item.refDesc}} Add Remove Add Remove Add to Cart No Thanks Sign In and Save! Not a Member? Join Now Loading Adding to Cart...
Successfully added to cart! 0"> 0" class="acceptedPromotions mb-2">

{{acceptedPromotion.description}}

{{item.pageTitle}} {{item.sku}} Qty. {{item.quantity}} {{displayMsg}} {{displayPromoAvailableMsg}} {{defaultPromotions[item.sku]}} FREE {{item.prices.sale.amountFormatted}}

{{item.prices.list.amountFormatted}}

FREE {{item.prices.sale.amountFormatted}}

{{item.prices.sale.amountFormatted}} / {{item.prices.sale.billingPlanName}} *

{{item.prices.list.amountFormatted}}

* Billing begins following the close of your first month of service. Subtotal {{cartItems.subtotal.amountFormatted}} Taxes calculated at checkout View Cart ({{totalItems}}) Checkout 0 || showPopularSearches || featuredProducts.length > 0"> 0"> Recent Searches {{recent}} Clear Recent Searches Popular Searches 0"> Featured Products {{f.pageTitle}} Starting at {{f.minPricedSkuObj.prices.list.amountFormatted}} {{f.minPricedSkuObj.prices.sale.amountFormatted}} / {{f.minPricedSkuObj.prices.sale.billingPlanName}} 0"> 0 || categories.length > 0"> 0 ? 'cols-12 mb-6 text-base font-bold leading-heading md:inline-block mt-2 hidden' : 'cols-12 mb-6 text-base font-bold leading-heading md:inline-block hidden'" v-if="categories.length > 0">Categories 0"> {{c.title}} 0"> Products View All {{p.title[0]}} Starting at {{p.minPricedSkuObj.prices.list.amountFormatted}} {{p.minPricedSkuObj.prices.sale.amountFormatted}} / {{p.minPricedSkuObj.prices.sale.billingPlanName}} 0 || explore.length > 0"> 0">Explore View All 0"> {{e.title[0].replace("| Western Digital","")}} 0 ? 'cols-12 mb-6 text-base leading-heading inline-block mt-2' : 'cols-12 mb-6 text-base leading-heading inline-block'" v-if="support.length > 0">Support View All 0"> {{s.title[0]}} 0 || showGreyBar || suggestions.length > 0" id="greyBar"> Clear Support Product Security Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature WDC Tracking Number: WDC-23001
Published: January 12, 2023

Last Updated:  January 12, 2023

Description Western Digital has identified a weakness in systems using the UFS standard that could result in a security vulnerability. This vulnerability may exist in systems where the host boot ROM code implements the UFS Boot feature to boot from UFS-compliant storage devices. UFS devices are only affected when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices.

The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations.

Several scenarios have been identified in which adversaries may disable the boot capability or revert to an old boot loader code if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability.

Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple host processor vendors, and software solutions providers. Western Digital is publishing this bulletin as part of a multi-party coordinated vulnerability disclosure process to promote security in embedded storage applications.

Update Availability/Remediation Updates should be provided by vendors of host systems which rely on the UFS boot feature as part of their architecture. Affected product vendors should reach out to the provider of their host processor or for details on remediation status.

Advisory Summary This vulnerability may be present in any system using the UFS Boot feature, regardless of manufacturer. The UFS boot feature is provided by UFS devices to support platforms that need to download the system boot loader from an external non-volatile source. To accomplish this, the host reads the Boot Well Known Logical Unit (BOOT WKLU) data at system startup. This step is required for the platform to access the host SoC boot code.

The attack scenarios allow an attacker to completely disable the boot capability of the host platform, rendering the platform useless, or in some cases, it allows the attacker to revert to an old boot loader code. These scenarios may arise due to improper validation of UFS attributes in the host boot ROM code. The attack scenarios typically require elevated permissions on the UFS host, which may be obtained through a separate chain of vulnerabilities involving escalation of privileges. Physical access to the host platform or device is not required.

Disabling platform boot capability scenario:

An attacker which has the requisite permissions to access the bBootLunEn attribute may disable the UFS Boot feature by setting the bBootLunEn attribute to 0x0 in the UFS device. After platform power-up or reset, host Boot ROM code tries to read the Boot Well Known Logical Unit data from the UFS device, however, since the UFS Boot feature was disabled, the operation fails and the host is no longer able to boot.

Downgrade attack scenario:

In the downgrade attack scenario, the adversary sets bBootLunEn to the alternate Boot LU, causing the host platform to boot with a potentially old version of the boot code.

CVE Number: CVE-2022-23005
Reported by: Rotem Sela and Avri Altman of Western Digital
Link to White Paper: Host boot ROM code vulnerability

Compare ({{compareCount}}) Add up to 4 products {{ skuObj.title.length Compare Clear All

Select options

{{modalTitle}} {{variantObj.optionName}} 6"> {{item.text}} {{item.text}}   Add to Compare

{{alertMessage}}

OK

Country/Region:

United States

Shopping

My Account My Account Sign Up for Email Discounts & Promotions Product Portfolio Warranty Policy Return Policy Financing Options Distributors & Resellers Sales Inquiry Shopping FAQ

Programs

Business Account Benefits Data Recovery Recycle Program Western Digital Credit Pro Rewards Partner Programs Affiliate Program Philanthropic Programs Western Digital Capital

Company

About Us News & Events Leadership Corporate Responsibility Privacy Center Blog Careers Investors Office Locations Contact Us

Support

Get Help Resource Library Product Security Online Store Support:
US +1 (855)-799-5529
Monday — Friday, 8am — 5pm PST

Privacy Legal Trademarks Terms of Sale Product Compliance   © 2026 Western Digital Corporation or its affiliates. All rights reserved.