U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.
References
Link | Resource |
---|---|
https://lists.denx.de/pipermail/u-boot/2018-June/330454.html | Mailing List Patch Vendor Advisory |
https://lists.denx.de/pipermail/u-boot/2018-June/330898.html | Mailing List Mitigation Vendor Advisory |
https://lists.denx.de/pipermail/u-boot/2018-June/330454.html | Mailing List Patch Vendor Advisory |
https://lists.denx.de/pipermail/u-boot/2018-June/330898.html | Mailing List Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 03:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.denx.de/pipermail/u-boot/2018-June/330454.html - Mailing List, Patch, Vendor Advisory | |
References | () https://lists.denx.de/pipermail/u-boot/2018-June/330898.html - Mailing List, Mitigation, Vendor Advisory |
Information
Published : 2018-06-26 16:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000205
Mitre link : CVE-2018-1000205
CVE.ORG link : CVE-2018-1000205
JSON object : View
Products Affected
denx
- u-boot
CWE
CWE-20
Improper Input Validation