CVE-2018-1000205
MEDIUMU-Boot < 2018.07 - Verified Boot Bypass via Crafted FIT Image
Title source: llmDescription
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.
References (2)
Core 2
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://lists.denx.de/pipermail/u-boot/2018-June/330454.html
Mailing List, Mitigation, Vendor Advisory x_refsource_misc
https://lists.denx.de/pipermail/u-boot/2018-June/330898.html
Scores
CVSS v3
5.5
EPSS
0.0071
EPSS Percentile
49.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
denx/u-boot
< 2018.07
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026