CVE-2018-3968
8.2
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Das U-Boot | Das U-Boot 2013.07-rc1 to 2014.07-rc2 OCTEON-SDK 3.1.2 to 5.1 CUJO Smart Firewall - Firmware version 7003 | affected |
Weaknesses
- Improper Verification of Cryptographic Signature
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.