| Name | CVE-2018-1000205 |
| Description | U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| u-boot (PTS) | bullseye | 2021.01+dfsg-5 | vulnerable |
| bookworm | 2023.01+dfsg-2+deb12u1 | vulnerable | |
| sid, trixie | 2024.01+dfsg-5 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| u-boot | source | (unstable) | (unfixed) | unimportant |
No security impact as supported/packaged in Debian