Remote code execution vulnerabilities in DENX U-Boot

Published: 2018-11-07 11:04:42
Severity High
Patch available NO
Number of vulnerabilities 2
CVE ID CVE-2018-18440
CVE-2018-18439
CVSSv3 7.1 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
7.1 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CWE ID CWE-120
Exploitation vector Local
Public exploit N/A
Vulnerable software U-Boot
Vulnerable software versions U-Boot -
Vendor URL DENX

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in U-Boot open-source bootloader for embedded devices due to boundary error in the network image boot feature when handling malicious input. A remote attacker can trick the victim into loading a specially crafted image, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

External links

https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR...

2) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in U-Boot open-source bootloader for embedded devices due to boundary error in the filesystem image load feature when handling malicious input. A remote attacker can trick the victim into loading a specially crafted image, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

External links

https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR...

Back to List