CVE-2019-11690
First published: Fri May 03 2019(Updated: )
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| DENX U-Boot | >=2014.04<=2019.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-11690?
CVE-2019-11690 is a vulnerability in Das U-Boot versions 2014.04 through 2019.04 that allows attackers to determine UUID values in certain scenarios.
How does CVE-2019-11690 affect Das U-Boot?
CVE-2019-11690 affects Das U-Boot versions 2014.04 through 2019.04 by lacking an srand call, which allows UUID values to be determined when CONFIG_RANDOM_UUID is enabled.
What is the severity of CVE-2019-11690?
The severity of CVE-2019-11690 is medium with a CVSSv3 base score of 5.9.
How can I fix CVE-2019-11690?
To fix CVE-2019-11690, update the affected Das U-Boot version to 2019.07 or later where the srand call has been added to gen_rand_uuid function.
Where can I find more information about CVE-2019-11690?
More information about CVE-2019-11690 can be found at the following reference: https://patchwork.ozlabs.org/patch/1092945
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/denx
- canonical/denx u-boot
- version/denx u-boot/2014.04
- version/denx u-boot/2019.04