CVE-2018-1000205

Published: Jun 26, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.

Affected (1)

Products: Denx: U Boot

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Denx U Boot	Up to 2018.07

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://lists.denx.de/pipermail/u-boot/2018-June/330454.html

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://lists.denx.de/pipermail/u-boot/2018-June/330898.html

Source: cve@mitre.org

Mailing ListMitigationVendor Advisory

https://lists.denx.de/pipermail/u-boot/2018-June/330454.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://lists.denx.de/pipermail/u-boot/2018-June/330898.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListMitigationVendor Advisory

Timeline

No history available yet.