U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.
References
Link | Resource |
---|---|
https://lists.denx.de/pipermail/u-boot/2018-June/330454.html | Mailing List Patch Vendor Advisory |
https://lists.denx.de/pipermail/u-boot/2018-June/330898.html | Mitigation Mailing List Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-06-26 16:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1000205
Mitre link : CVE-2018-1000205
CVE.ORG link : CVE-2018-1000205
JSON object : View
Products Affected
denx
- u-boot
CWE
CWE-20
Improper Input Validation