Описание
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2019.07+dfsg-1ubuntu4~18.04.1 |
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2019.07+dfsg-1ubuntu4~18.04.1 |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | not-affected | 2014.07+dfsg1-1 |
| focal | not-affected | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
EPSS
4.4 Medium
CVSS2
7 High
CVSS3
Связанные уязвимости
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
An exploitable vulnerability exists in the verified boot protection of ...
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
EPSS
4.4 Medium
CVSS2
7 High
CVSS3