Описание
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2019.07+dfsg-1ubuntu4~18.04.1 |
| cosmic | ignored | end of life |
| devel | not-affected | 2020.04+dfsg-2ubuntu1 |
| disco | ignored | end of life |
| eoan | not-affected | 2019.01+dfsg-6 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2019.07+dfsg-1ubuntu4~18.04.1 |
| esm-infra/focal | not-affected | 2019.07+dfsg-1ubuntu6 |
| esm-infra/xenial | needed | |
| focal | not-affected | 2019.07+dfsg-1ubuntu6 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3