search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Vulnerability Note VU#166743

Original Release Date: 2017-09-08 | Last Revised: 2017-10-12

Overview

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Description

CWE-329: Not Using a Random IV with CBC Mode - CVE-2017-3225

Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.

CWE-208: Information Exposure Through Timing Discrepancy - CVE-2017-3226

Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

The immediate failure can be used as an oracle for a Vaudenay-style timing attack on the cryptography, allowing a dedicated attacker to decrypt and potentially modify the contents of the device.

Impact

An attacker with physical access to the device may be able to decrypt the device's contents.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. U-Boot versions prior to 2017.09 contain the vulnerable code; the feature was deprecated and removed in the 2017.09 release.

Vendor Information

166743
Expand all

Brocade Communication Systems

Notified:  July 03, 2017 Updated:  October 12, 2017

Statement Date:   October 11, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Brocade products are not affected. Users may find Brocade's full statement in the advisories at the URLs below.

Vendor References

http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-445.htm http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-444.htm

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems, Inc.

Notified:  July 03, 2017 Updated:  August 18, 2017

Statement Date:   August 16, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

D-Link has performed an audit and determined that no presently-supported devices utilize U-Boot. Furthermore, legacy products that make use of U-Boot do not appear to be impacted.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks

Notified:  July 03, 2017 Updated:  August 23, 2017

Statement Date:   August 23, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NXP Semiconductors Inc.

Notified:  July 03, 2017 Updated:  September 14, 2017

Statement Date:   September 08, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

NXP does not enable the affected encryption feature for its products.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QUALCOMM Incorporated

Notified:  July 03, 2017 Updated:  July 17, 2017

Statement Date:   July 17, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Texas Instruments

Notified:  July 03, 2017 Updated:  September 21, 2017

Statement Date:   September 20, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

According to TI, the version(s) of Das U-Boot included with TI products does not enable the encryption functionality, and so is unaffected.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ubiquiti Networks

Notified:  July 03, 2017 Updated:  July 18, 2017

Statement Date:   July 17, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Broadcom

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cavium

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

DENX Software

Notified:  July 06, 2017 Updated:  July 06, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Imagination Technologies

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Marvell Semiconductors

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

STMicroelectronics

Notified:  July 03, 2017 Updated:  July 03, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 5.6 AV:L/AC:H/Au:N/C:C/I:C/A:N
Temporal 5.0 E:POC/RL:U/RC:C
Environmental 3.8 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Allan Xavier for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-3225, CVE-2017-3226
Date Public: 2017-09-08
Date First Published: 2017-09-08
Date Last Updated: 2017-10-12 12:52 UTC
Document Revision: 54

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.