CVE-2020-10648

Published: 19 March 2020

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.

Priority: Low

CVSS 3 Severity Score: 7.8

Status

Package Release Status
u-boot
bionic Released (2020.10+dfsg-1ubuntu0~18.04.2)
eoan Ignored (end of life)
focal Released (2021.01+dfsg-3ubuntu0~20.04.3)
groovy Not vulnerable (2020.04+dfsg-2ubuntu1)
hirsute Not vulnerable (2020.04+dfsg-2ubuntu1)
impish Not vulnerable (2020.04+dfsg-2ubuntu1)
jammy Not vulnerable (2020.04+dfsg-2ubuntu1)
kinetic Not vulnerable (2020.04+dfsg-2ubuntu1)
lunar Not vulnerable (2020.04+dfsg-2ubuntu1)
mantic Not vulnerable (2020.04+dfsg-2ubuntu1)
trusty Does not exist
upstream Released (2020.04+dfsg-1)
xenial Needed

Patches:
other: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
upstream: https://github.com/u-boot/u-boot/commit/390b26dc270aa3159df0c31775f91cd374a3dd3a
upstream: https://github.com/u-boot/u-boot/commit/382cf62039f775a1aec771645e3cbc32e1e2f0e3
upstream: https://github.com/u-boot/u-boot/commit/472f9113dbbbed88345f3d38de3ff37ca163508e
upstream: https://github.com/u-boot/u-boot/commit/477f559edf1144f95e29173d290818250aa57ef8
upstream: https://github.com/u-boot/u-boot/commit/c021971e132234667eb80bc29bdd4ad6c8d04458
upstream: https://github.com/u-boot/u-boot/commit/1b090032029b35080a5a87c9f1047882d894ab37
upstream: https://github.com/u-boot/u-boot/commit/67acad3db71bb372458fbb8a77749f5eb88aa324
upstream: https://github.com/u-boot/u-boot/commit/8a9d03732e6d0f68107c80919096e7cf956dcb3d
upstream: https://github.com/u-boot/u-boot/commit/c3aa81e35cc53fcd825e89510cd648288e0b6b92
upstream: https://github.com/u-boot/u-boot/commit/3156ee35a3f11e578442ec7f2f3b96179cb07c94
upstream: https://github.com/u-boot/u-boot/commit/b008677daf2a9dc0335260c7c4e24390487fe0ca
upstream: https://github.com/u-boot/u-boot/commit/72188f546291cfadea99e9383c133d6aaa37d87d
upstream: https://github.com/u-boot/u-boot/commit/da76ed2795f2679ff0fa3c43f2b906157ec7c0b0
upstream: https://github.com/u-boot/u-boot/commit/0e29648f8e7e0aa60c0f7efe9d2efed98f8c0c6e

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H