UBUNTU-CVE-2018-1000205

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-1000205

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000205.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000205

Upstream

CVE-2018-1000205

Published

2018-06-26T16:29:00Z

Modified

2025-07-18T16:44:53Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - negligible

Summary

[none]

Details

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.

References

Affected packages

Ubuntu:Pro:16.04:LTS / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2016.01+dfsg1-2ubuntu5?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2015.*

2015.04+dfsg1-2ubuntu1

2015.10+dfsg1-2

2015.10+dfsg1-3

2015.10+dfsg1-4

2016.*

2016.01+dfsg1-1

2016.01+dfsg1-1ubuntu1

2016.01+dfsg1-2ubuntu1

2016.01+dfsg1-2ubuntu2

2016.01+dfsg1-2ubuntu3

2016.01+dfsg1-2ubuntu5