CVE-2018-1000205

MEDIUM

U-Boot < 2018.07 - Verified Boot Bypass via Crafted FIT Image

Title source: llm
STIX 2.1

Description

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.

References (2)

Core 2
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://lists.denx.de/pipermail/u-boot/2018-June/330454.html
Mailing List, Mitigation, Vendor Advisory x_refsource_misc
https://lists.denx.de/pipermail/u-boot/2018-June/330898.html

Scores

CVSS v3 5.5
EPSS 0.0071
EPSS Percentile 49.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
denx/u-boot < 2018.07
Published Jun 26, 2018
Tracked Since Feb 18, 2026