CVE-2018-1000205

medium

Description

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.

References

https://lists.denx.de/pipermail/u-boot/2018-June/330898.html

https://lists.denx.de/pipermail/u-boot/2018-June/330454.html

Details

Source: Mitre, NVD

Published: 2018-06-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00182