{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "2013.07" }, { "last_affected": "2014.07" }, { "introduced": "0" }, { "last_affected": "2013.07-rc1" }, { "introduced": "0" }, { "last_affected": "2013.07-rc2" }, { "introduced": "0" }, { "last_affected": "2013.07-rc3" }, { "introduced": "0" }, { "last_affected": "2014.07-rc1" }, { "introduced": "0" }, { "last_affected": "2014.07-rc2" } ] }, "events": [ { "introduced": "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c" }, { "last_affected": "524123a70761110c5cf3ccc5f52f6d4da071b959" }, { "introduced": "0" }, { "last_affected": "216a793cc1702227fd4ad624080f585038d1fa45" }, { "introduced": "0" }, { "last_affected": "e6bf18dba2a21bebf2c421b1c2e188225f6485a1" }, { "introduced": "0" }, { "last_affected": "68c517eafcb060aa8ef92ed2620f0f41c5275d89" }, { "introduced": "0" }, { "last_affected": "3e41c54ad8099951d57c3c5a0f5ebc6e8becf70c" }, { "introduced": "0" }, { "last_affected": "0116f40bbc269c57566d69e0db8cb9da2e194d33" } ], "repo": "https://github.com/u-boot/u-boot", "type": "GIT" } ] } ], "details": "An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.", "id": "CVE-2018-3968", "modified": "2026-03-13T21:49:18.887713580Z", "published": "2019-03-21T17:29:00.493Z", "references": [ { "type": "EVIDENCE", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }