CVE-2019-11690

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11690
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11690.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11690
Published
2019-05-03T13:29:00Z
Modified
2025-02-19T02:46:01.333541Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.

Affected packages

Debian:11 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2019.01+dfsg-6

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2019.01+dfsg-6

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2019.01+dfsg-6

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/u-boot/u-boot

Affected ranges

Type
GIT
Repo
https://github.com/u-boot/u-boot
Events

Affected versions

v2014.*

v2014.04
v2014.07
v2014.07-rc1
v2014.07-rc2
v2014.07-rc3
v2014.07-rc4
v2014.10
v2014.10-rc1
v2014.10-rc2
v2014.10-rc3

v2015.*

v2015.01
v2015.01-rc1
v2015.01-rc2
v2015.01-rc3
v2015.01-rc4
v2015.04
v2015.04-rc1
v2015.04-rc2
v2015.04-rc3
v2015.04-rc4
v2015.04-rc5
v2015.07
v2015.07-rc1
v2015.07-rc2
v2015.07-rc3
v2015.10
v2015.10-rc1
v2015.10-rc2
v2015.10-rc3
v2015.10-rc4
v2015.10-rc5

v2016.*

v2016.01
v2016.01-rc1
v2016.01-rc2
v2016.01-rc3
v2016.01-rc4
v2016.03
v2016.03-rc1
v2016.03-rc2
v2016.03-rc3
v2016.05
v2016.05-rc1
v2016.05-rc2
v2016.05-rc3
v2016.07
v2016.07-rc1
v2016.07-rc2
v2016.07-rc3
v2016.09
v2016.09-rc1
v2016.09-rc2
v2016.11
v2016.11-rc1
v2016.11-rc2
v2016.11-rc3

v2017.*

v2017.01
v2017.01-rc1
v2017.01-rc2
v2017.01-rc3
v2017.03
v2017.03-rc1
v2017.03-rc2
v2017.03-rc3
v2017.05
v2017.05-rc1
v2017.05-rc2
v2017.05-rc3
v2017.07
v2017.07-rc1
v2017.07-rc2
v2017.07-rc3
v2017.09
v2017.09-rc1
v2017.09-rc2
v2017.09-rc3
v2017.09-rc4
v2017.11
v2017.11-rc1
v2017.11-rc2
v2017.11-rc3
v2017.11-rc4

v2018.*

v2018.01
v2018.01-rc1
v2018.01-rc2
v2018.01-rc3
v2018.03
v2018.03-rc1
v2018.03-rc2
v2018.03-rc3
v2018.03-rc4
v2018.05
v2018.05-rc1
v2018.05-rc2
v2018.05-rc3
v2018.07
v2018.07-rc1
v2018.07-rc2
v2018.07-rc3
v2018.09
v2018.09-rc1
v2018.09-rc2
v2018.09-rc3
v2018.11
v2018.11-rc1
v2018.11-rc2
v2018.11-rc3

v2019.*

v2019.01
v2019.01-rc1
v2019.01-rc2
v2019.01-rc3
v2019.04
v2019.04-rc1
v2019.04-rc2
v2019.04-rc3
v2019.04-rc4