Main Vulnerability Database Vulnerabilities #VU31263

Cryptographic issues in Universal Boot Loader (U-Boot) - CVE-2017-3226

Published: July 24, 2018 / Updated: July 17, 2020

Vulnerability identifier: #VU31263

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-3226

CWE-ID: CWE-310

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: DENX

Affected software:
Universal Boot Loader (U-Boot)

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

How to mitigate CVE-2017-3226

Install update from vendor's website.

Cryptographic issues in Universal Boot Loader (U-Boot) - CVE-2017-3226

Detailed vulnerability description

How to mitigate CVE-2017-3226

Sources

Please verify you're human