Xilinx, now part of AMD – Bug Bounty Program HackerOne


Target Policy
https://hackerone.com/xilinx_bbp?type=team
Structured Scope
  Columns: Asset Identifier / Asset Type / Max Severity
  • Xilinx Runtime (XRT)

    * Source code from the bugbounty branch is available on [GitHub](https://github.com/Xilinx/XRT/tree/bugbounty).
    * XRT documentation is available [here](https://xilinx.github.io/XRT/master/html/index.html).
    * Documentation for the software toolkit that uses XRT is available [here](https://www.xilinx.com/cgi-bin/docs/rdoc?t=vitis+doc;v=latest;d=kme1569523964461.html).
    * In scope:
        * Security issues found in XRT and its binaries, except those listed in the "Out of scope" section below.
    * Out of scope:
        * Test directory:
            * XRT/tests
        * AWS user and driver:
            * XRT/src/runtime_src/core/pcie/driver/aws
            * XRT/src/runtime_src/core/pcie/user_aws
        * Legacy utilities:
            * XRT/src/runtime_src/core/pcie/tools/xbutil
            * XRT/src/runtime_src/core/edge/tools/xbutil
            * XRT/src/runtime_src/core/pcie/tools/xbmgmt

    Asset Type: SOURCE_CODE
    Max Severity: none
  • Bootgen

    * Security bugs in the Bootgen code that would allow the boot image running on the device to be tampered with in order to gain unauthorized access and deploy rogue software on the SoC, which can cause the device to malfunction.
    * Source code from the latest release is available on [GitHub](https://github.com/Xilinx/bootgen).
    * Refer to [Xilinx UG1283](https://www.xilinx.com/support/documentation/sw_manuals/xilinx2020_1/ug1283-bootgen-user-guide.pdf) for details about how a boot image is created and loaded onto a Xilinx SoC.
    * Exceptions:
        * It is assumed that the input files passed to Bootgen are verified and trusted. Using malformed input files to tamper with the device boot or security is not in scope.
        * Not using header encryption for Zynq/ZU+.
        * Using a different OpenSSL version than 1.1.1b.
        * Using unique key/IV pairs for encryption:
            * It is a security requirement to use unique key/IV pairs, but this is implemented for ZU+ only and not for the Zynq SoC.
            * It is recommended to use a different seed for key generation.
            * The code does not check whether any keys specified by the user are repeated.

    Asset Type: SOURCE_CODE
    Max Severity: none
  • Xilinx Products

    Vulnerabilities pertaining to any Xilinx product except those listed as "In Scope".

    Asset Type: OTHER
    Max Severity: none
  • *.xilinx.com

    This asset is out of scope.

    Asset Type: WILDCARD
    Max Severity: none