UBUNTU-CVE-2018-1000205
- Source
- https://ubuntu.com/security/CVE-2018-1000205
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000205.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000205
- Related
- Published
- 2018-06-26T16:29:00Z
- Modified
- 2025-01-13T10:21:51Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / u-boot
Package
- Name
- u-boot
- Purl
- pkg:deb/ubuntu/u-boot@2016.01+dfsg1-2ubuntu5?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS / u-boot
Package
- Name
- u-boot
- Purl
- pkg:deb/ubuntu/u-boot@2019.07+dfsg-1ubuntu4~18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.07+dfsg-1ubuntu4~18.04.1
Affected versions
2016.*
2016.03+dfsg1-6ubuntu2
2018.*
2018.07~rc3+dfsg1-0ubuntu1~18.04.1
2018.07~rc3+dfsg1-0ubuntu2~18.04.1
2018.07~rc3+dfsg1-0ubuntu3~18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "negligible",
"binaries": [
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-amlogic"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-exynos"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-imx"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-omap"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-qcom"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-rockchip"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-rpi"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-sunxi"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-tegra"
},
{
"binary_version": "2019.07+dfsg-1ubuntu4~18.04.1",
"binary_name": "u-boot-tools"
}
]
}
Ubuntu:20.04:LTS / u-boot
Package
- Name
- u-boot
- Purl
- pkg:deb/ubuntu/u-boot@2019.07+dfsg-1ubuntu6?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.07+dfsg-1ubuntu6
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "negligible",
"binaries": [
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-amlogic"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-exynos"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-imx"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-mvebu"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-omap"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-qcom"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-rockchip"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-rpi"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-sunxi"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-tegra"
},
{
"binary_version": "2019.07+dfsg-1ubuntu6",
"binary_name": "u-boot-tools"
}
]
}