
CERT Coordination Center

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Vulnerability Note VU#166743

Original Release Date: 2017-09-08 | Last Revised: 2017-10-12

Overview

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Description

CWE-329: Not Using a Random IV with CBC Mode - CVE-2017-3225

Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.
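The following is an added illustration, not U-Boot code and not part of the original note, of why a fixed zero IV makes CBC deterministic: two inputs that begin with the same blocks produce the same leading ciphertext blocks under the same key, which is the property a dictionary attack relies on. The block cipher is a toy Feistel construction standing in for AES, and the key and environment strings are constructed sample values.

```python
import hashlib
import os

BLOCK = 16  # AES block size in bytes

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher (4-round Feistel over SHA-256), NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    """CBC chaining: C[i] = E(P[i] xor C[i-1]), with C[-1] = IV."""
    assert len(plaintext) % BLOCK == 0 and len(iv) == BLOCK
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev))
        prev = toy_block_encrypt(key, mixed)
        out.append(prev)
    return out

def shared_prefix_blocks(a: list, b: list) -> int:
    """Number of leading ciphertext blocks that are byte-identical."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def pad(env: bytes) -> bytes:
    """Zero-pad to a whole number of blocks (constructed sample data only)."""
    return env + b"\0" * (-len(env) % BLOCK)

# Constructed sample data: the two inputs agree on their first two 16-byte blocks.
KEY = b"constructed-key!"
ENV_A = pad(b"bootdelay=3\0baudrate=115200\0eth=1\0bootcmd=run mmcboot\0")
ENV_B = pad(b"bootdelay=3\0baudrate=115200\0eth=1\0bootcmd=run netboot\0")

def compare(random_iv: bool) -> int:
    """Encrypt both inputs under KEY and count identical leading blocks."""
    iv_a = os.urandom(BLOCK) if random_iv else bytes(BLOCK)
    iv_b = os.urandom(BLOCK) if random_iv else bytes(BLOCK)
    return shared_prefix_blocks(cbc_encrypt(KEY, iv_a, ENV_A),
                                cbc_encrypt(KEY, iv_b, ENV_B))

if __name__ == "__main__":
    print("zero IV, shared leading blocks:", compare(False))
    print("random IV, shared leading blocks:", compare(True))
```

With the zero IV the two ciphertexts match for exactly as many blocks as the plaintexts do; with a fresh random IV per encryption they share none.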

CWE-208: Information Exposure Through Timing Discrepancy - CVE-2017-3226

Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

The immediate failure can be used as an oracle for a Vaudenay-style timing attack on the cryptography, allowing a dedicated attacker to decrypt and potentially modify the contents of the device.

Impact

An attacker with physical access to the device may be able to decrypt the device's contents.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. U-Boot versions prior to 2017.09 contain the vulnerable code; the feature was deprecated and removed in the 2017.09 release.

Vendor Information


Brocade Communication Systems Not Affected

Notified:  July 03, 2017 Updated: October 12, 2017

Statement Date:   October 11, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Brocade products are not affected. Users may find Brocade's full statement in the advisories at the URLs below.


D-Link Systems, Inc. Not Affected

Notified:  July 03, 2017 Updated: August 18, 2017

Statement Date:   August 16, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

D-Link has performed an audit and determined that no presently-supported devices utilize U-Boot. Furthermore, legacy products that make use of U-Boot do not appear to be impacted.

Juniper Networks Not Affected

Notified:  July 03, 2017 Updated: August 23, 2017

Statement Date:   August 23, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NXP Semiconductors Inc. Not Affected

Notified:  July 03, 2017 Updated: September 14, 2017

Statement Date:   September 08, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

NXP does not enable the affected encryption feature for its products.

QUALCOMM Incorporated Not Affected

Notified:  July 03, 2017 Updated: July 17, 2017

Statement Date:   July 17, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Texas Instruments Not Affected

Notified:  July 03, 2017 Updated: September 21, 2017

Statement Date:   September 20, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

According to TI, the version(s) of Das U-Boot included with TI products does not enable the encryption functionality, and so is unaffected.

Ubiquiti Networks Not Affected

Notified:  July 03, 2017 Updated: July 18, 2017

Statement Date:   July 17, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Broadcom Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.


Cavium Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Cisco Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

DENX Software Unknown

Notified:  July 06, 2017 Updated: July 06, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Imagination Technologies Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Marvell Semiconductors Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Oracle Corporation Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

STMicroelectronics Unknown

Notified:  July 03, 2017 Updated: July 03, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.



CVSS Metrics

Group          Score  Vector
Base           5.6    AV:L/AC:H/Au:N/C:C/I:C/A:N
Temporal       5      E:POC/RL:U/RC:C
Environmental  3.8    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

Thanks to Allan Xavier for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-3225, CVE-2017-3226
Date Public: 2017-09-08
Date First Published: 2017-09-08
Date Last Updated: 2017-10-12 12:52 UTC
Document Revision: 55

Sponsored by CISA.