{"id":"CVE-2019-11690","details":"gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.","modified":"2026-03-14T09:32:07.849910Z","published":"2019-05-03T13:29:00.343Z","related":["SUSE-SU-2020:3255-1","SUSE-SU-2020:3256-1","SUSE-SU-2020:3282-1","SUSE-SU-2020:3283-1","SUSE-SU-2020:3474-1","openSUSE-SU-2020:1930-1"],"references":[{"type":"FIX","url":"https://patchwork.ozlabs.org/patch/1092945"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/u-boot/u-boot","events":[{"introduced":"dda0dbfc69f3d560c87f5be85f127ed862ea6721"},{"last_affected":"3c99166441bf3ea325af2da83cfe65430b49c066"}],"database_specific":{"versions":[{"introduced":"2014.04"},{"last_affected":"2019.04"}]}}],"versions":["v2014.04","v2014.07","v2014.07-rc1","v2014.07-rc2","v2014.07-rc3","v2014.07-rc4","v2014.10","v2014.10-rc1","v2014.10-rc2","v2014.10-rc3","v2015.01","v2015.01-rc1","v2015.01-rc2","v2015.01-rc3","v2015.01-rc4","v2015.04","v2015.04-rc1","v2015.04-rc2","v2015.04-rc3","v2015.04-rc4","v2015.04-rc5","v2015.07","v2015.07-rc1","v2015.07-rc2","v2015.07-rc3","v2015.10","v2015.10-rc1","v2015.10-rc2","v2015.10-rc3","v2015.10-rc4","v2015.10-rc5","v2016.01","v2016.01-rc1","v2016.01-rc2","v2016.01-rc3","v2016.01-rc4","v2016.03","v2016.03-rc1","v2016.03-rc2","v2016.03-rc3","v2016.05","v2016.05-rc1","v2016.05-rc2","v2016.05-rc3","v2016.07","v2016.07-rc1","v2016.07-rc2","v2016.07-rc3","v2016.09","v2016.09-rc1","v2016.09-rc2","v2016.11","v2016.11-rc1","v2016.11-rc2","v2016.11-rc3","v2017.01","v2017.01-rc1","v2017.01-rc2","v2017.01-rc3","v2017.03","v2017.03-rc1","v2017.03-rc2","v2017.03-rc3","v2017.05","v2017.05-rc1","v2017.05-rc2","v2017.05-rc3","v2017.07","v2017.07-rc1","v2017.07-rc2","v2017.07-rc3","v2017.09","v2017.09-rc1","v2017.09-rc2","v2017.09-rc3","v2017.09-rc4","v2017.11","v2017.11-rc1","v2017.11-rc2","v2017.11-rc3","v2017.11-rc4","v2018.01","v2018.01-rc1","v2018.01-rc2","v2018.01-rc3","v2018.03","v2018.03-rc1","v2018.03-rc2","v2018.03-rc3","v2018.03-rc4","v2018.05","v2018.05-rc1","v2018.05-rc2","v2018.05-rc3","v2018.07","v2018.07-rc1","v2018.07-rc2","v2018.07-rc3","v2018.09","v2018.09-rc1","v2018.09-rc2","v2018.09-rc3","v2018.11","v2018.11-rc1","v2018.11-rc2","v2018.11-rc3","v2019.01","v2019.01-rc1","v2019.01-rc2","v2019.01-rc3","v2019.04","v2019.04-rc1","v2019.04-rc2","v2019.04-rc3","v2019.04-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11690.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}