Summary

Security Advisory ID : BSA-2017-444

Component : DENX Das U-Boot

Revision : 3.0: Final

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.

Affected Products

Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.

Products Confirmed Not Vulnerable

Brocade Fabric OS, Brocade NetIron OS, Brocade Network Advisor, Brocade Network OS, Brocade ServerIronADX, Brocade SLX-OS, Brocade Virtual ADX, and Brocade Workflow Composer are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History