Remote code execution vulnerabilities in DENX U-Boot



Published: 2018-11-07 | Updated: 2022-12-20
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-18440
CVE-2018-18439
CWE-ID CWE-120
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		U-Boot
Client/Desktop applications / Other client software

Vendor DENX

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU15741

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18440

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in U-Boot open-source bootloader for embedded devices due to boundary error in the network image boot feature when handling malicious input. A remote attacker can trick the victim into loading a specially crafted image, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U-Boot: All versions

External links

http://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU15742

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18439

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in U-Boot open-source bootloader for embedded devices due to boundary error in the filesystem image load feature when handling malicious input. A remote attacker can trick the victim into loading a specially crafted image, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U-Boot: All versions

External links

http://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###