CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.001 Low (Percentile: 34.7%)

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
Author | Note |
---|---|
mdeslaur | This fix changes behaviour and would introduce regressions in existing installations. We will not be fixing this issue in Ubuntu stable releases. See here for an example: https://lore.kernel.org/lkml/[email protected]/ https://www.linux4sam.org/bin/view/Linux4SAM/HasherrorwhenbootingFITimage https://github.com/linux4sam/dt-overlay-at91/commit/7ad311899af48efbb43f0e3ac935da5981bd4b2d b6f4c757959f8850e1299a77c8e5713da78e8ec0 is the complete patch set that fixes both CVE-2021-27097 and CVE-2021-27138 |