Das U-Boot Multiple Local Arbitrary Code Execution Vulnerabilities

Bugtraq ID:	105852
Class:	Unknown
CVE:	CVE-2018-18440 CVE-2018-18439
Remote:	No
Local:	Yes
Published:	Nov 02 2018 12:00AM
Updated:	Nov 02 2018 12:00AM
Credit:	Inverse Path team at F-Secure, in collaboration with Quarkslab.
Vulnerable:	U-Boot Das U-Boot 0
Not Vulnerable:

Das U-Boot Multiple Local Arbitrary Code Execution Vulnerabilities

Das U-Boot is prone to multiple local arbitrary code-execution vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the U-Boot instance. Failed exploit attempts will likely cause a denial-of-service condition.

Das U-Boot Multiple Local Arbitrary Code Execution Vulnerabilities

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Das U-Boot Multiple Local Arbitrary Code Execution Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Das U-Boot Multiple Local Arbitrary Code Execution Vulnerabilities

References:

• CVE-2018-18439, CVE-2018-18440 - U-Boot verified boot bypass vulnerabilities (seclists.org)
  
• Das U-Boot Home Page (U-boot)
  
• U-Boot security advisory (CVE-2018-18440, CVE-2018-18439) (inversepath)