CVE-2018-1000205 — Improper Input Validation in U-boot

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 60.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Denx U-boot Debian U-boot

Timeline

PublishedJun 26

Latest updateMay 13

Description

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDdenx/u-boot2018.07

▶debiandebian/u-boot

Patches

Patch: lists.denx.de ↗Patch: lists.denx.de ↗

🔴Vulnerability Details

GHSA

GHSA-8frp-j862-qcw3: U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot↗2022-05-13

▶

OSV

CVE-2018-1000205: U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot↗2018-06-26

▶

📋Vendor Advisories

Debian

CVE-2018-1000205: u-boot - U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified bo...↗2018

▶