CVE-2018-3968Improper Verification of Cryptographic Signature in U-boot

CWE-347Improper Verification of Cryptographic Signature5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 92.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Denx U-bootDebian U-boot
Timeline
PublishedMar 21
Latest updateMay 13

Description

An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

debiandebian/u-boot< u-boot 2014.07+dfsg1-1 (bookworm)
Debiandenx/u-boot< 2014.07+dfsg1-1+3
NVDdenx/u-boot2013.072014.07+2

🔴Vulnerability Details

2
GHSA
GHSA-xjmf-xr2j-gfx7: An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 20132022-05-13
OSV
CVE-2018-3968: An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 20132019-03-21

📋Vendor Advisories

1
Debian
CVE-2018-3968: u-boot - An exploitable vulnerability exists in the verified boot protection of the Das U...2018

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud2019-03-19
CVE-2018-3968 — Debian U-boot vulnerability | cvebase