An insufficient validation issue has been found in U-Boot versions 2018.03 and 2020.0. Versions prior to 2018.03 may be affected as well. An attacker having a properly signed FIT image is able to craft arbitrary FIT images that would pass signature validation, resulting in booting and execution of untrusted code. The exploitation relies on the fact that the crafted configuration will be chosen to be booted. This may occur, for example, when the attacker is able to modify the default property of the configurations node and the setup does not explicitly choose to boot a specific configuration.
An insufficient validation issue has been found in U-Boot versions 2018.03 and 2020.0. Versions prior to 2018.03 may be affected as well. An attacker having a properly signed FIT image is able to craft arbitrary FIT images that would pass signature validation, resulting in booting and execution of untrusted code. The exploitation relies on the fact that the crafted configuration will be chosen to be booted. This may occur, for example, when the attacker is able to modify the default property of the configurations node and the setup does not explicitly choose to boot a specific configuration.
https://www.openwall.com/lists/oss-security/2020/03/18/5 https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
Vulmon