CERT/CC Vulnerability Note VU#166743

Overview

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Description

CWE-329: Not Using a Random IV with CBC Mode - CVE-2017-3225

Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.

CWE-208: Information Exposure Through Timing Discrepancy - CVE-2017-3226

Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

The immediate failure can be used as an oracle for a Vaudenay-style timing attack on the cryptography, allowing a dedicated attacker to decrypt and potentially modify the contents of the device.

Impact

An attacker with physical access to the device may be able to decrypt the device's contents.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. U-Boot versions prior to 2017.09 contain the vulnerable code; the feature was deprecated and removed in the 2017.09 release.

Vendor Information

166743

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Brocade Communication Systems Not Affected

D-Link Systems, Inc. Not Affected

Juniper Networks Not Affected

NXP Semiconductors Inc. Not Affected

QUALCOMM Incorporated Not Affected

Texas Instruments Not Affected

Ubiquiti Networks Not Affected

Broadcom Unknown

Cavium Unknown

Cisco Unknown

DENX Software Unknown

Imagination Technologies Unknown

Marvell Semiconductors Unknown

Oracle Corporation Unknown

STMicroelectronics Unknown

View all 15 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base	5.6	AV:L/AC:H/Au:N/C:C/I:C/A:N
Temporal	5	E:POC/RL:U/RC:C
Environmental	3.8	CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Allan Xavier for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs:	CVE-2017-3225, CVE-2017-3226
Date Public:	2017-09-08
Date First Published:	2017-09-08
Date Last Updated:	2017-10-12 12:52 UTC
Document Revision:	55

Software Engineering Institute

CERT Coordination Center

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Vulnerability Note VU#166743