7.8

CVE-2020-10648

Exploit
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DenxU-boot Version < 2018.03
DenxU-boot Version2020.01 Update-
OpensuseLeap Version15.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.31% 0.672
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/u-boot/u-boot/commits/master
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00030.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/03/18/5
Third Party Advisory
Mailing List
https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
Third Party Advisory
Exploit
https://cert-portal.siemens.com/productcert/html/ssa-577017.html