Secure Boot Bypass in Marvell SSD Controller Products
CVE-2019-10637

4.6MEDIUM

Key Information:

Vendor: Marvell
Status: 88ss1074 Firmware
Vendor: CVE Published:; 5 June 2019

What is CVE-2019-10637?

Marvell SSD Controllers, including models 88SS1074 and 88SS1090 among others, exhibit a vulnerability where manipulating specific input/output pins can allow attackers to bypass the secure boot protection. This flaw exposes the affected devices to risks of unauthorized access and manipulation, as the integrity of boot processes is compromised. Organizations using these controllers should assess their security posture and monitor for any potential exploitation of this vulnerability to safeguard their data.

References

https://www.marvell.com/documents/x9g4hrszt5ls3udbe1eo/

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2019
Vulnerability Reserved
Mar 29, 2019