Описание
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| u-boot | fixed | 2020.04+dfsg-1 | package | |
| u-boot | ignored | buster | package | |
| u-boot | no-dsa | stretch | package | |
| u-boot | ignored | jessie | package |
Примечания
https://www.openwall.com/lists/oss-security/2020/03/18/5
https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
EPSS
Связанные уязвимости
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Уязвимость загрузчика U-Boot, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS