CVE-2018-1000205: Input Validation
First published: Tue Jun 26 2018(Updated: )
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| DENX U-Boot | <=2018.07 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this U-Boot vulnerability?
The vulnerability ID for this U-Boot vulnerability is CVE-2018-1000205.
What is the severity of CVE-2018-1000205?
The severity of CVE-2018-1000205 is medium with a CVSS score of 5.5.
What is the description of CVE-2018-1000205?
CVE-2018-1000205 is an Improper Input Validation vulnerability in U-Boot that allows bypassing verified boot.
How is CVE-2018-1000205 exploited?
CVE-2018-1000205 can be exploited using specially crafted FIT image and special device memory functionality.
Is there a fix available for CVE-2018-1000205?
Yes, a fix is available for CVE-2018-1000205 in U-Boot version 2018.07.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/denx
- canonical/denx u-boot
- version/denx u-boot/2018.07