CVE-2018-3968

NameCVE-2018-3968
DescriptionAn exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
u-boot (PTS)jessie2014.10+dfsg1-5fixed
stretch2016.11+dfsg1-4fixed
buster2019.01+dfsg-7fixed
bullseye2021.01+dfsg-5fixed
bookworm2023.01+dfsg-2+deb12u1fixed
sid, trixie2024.01+dfsg-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
u-bootsource(unstable)2014.07+dfsg1-1

Notes

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633

Search for package or bug name: Reporting problems