CVE-2020-10648 in u-boot
Hi
I would like to have some advice about the u-boot triaging.
The problem is that someone can load an alternative configuration file
and by that boot arbitrary code.
I assume this means that the attacker must have physical access to the device.
As I see it, this can be used to root devices that should not be
possible to root.
My question is whether you think this is worth fixing in Debian.
I lean towards that we should consider this as a minor issue for
Jessie but here I would like your opinion.
Thank you in advance
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
| ola@inguza.com opal@debian.org |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
---------------------------------------------------------------
Reply to: