CVE-2018-1000205 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1000205 Interim 1 13 2022-10-15T15:43:43Z current 2021-05-30T14:20:36Z 2022-10-15T15:43:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1000205 U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 u-boot u-boot-tools u-boot-tools as a component of SUSE Linux Enterprise Module for Basesystem 15 u-boot as a component of SUSE Linux Enterprise Module for Basesystem 15 u-boot-tools as a component of SUSE Linux Enterprise Server 12 SP3 u-boot as a component of SUSE Linux Enterprise Server 12 SP3 U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. CVE-2018-1000205 SUSE Linux Enterprise Module for Basesystem 15:u-boot SUSE Linux Enterprise Module for Basesystem 15:u-boot-tools SUSE Linux Enterprise Server 12 SP3:u-boot SUSE Linux Enterprise Server 12 SP3:u-boot-tools moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N