Denx · Das U-Boot · CVE-2019-11690
**Name of the Vulnerable Software and Affected Versions**
Das U-Boot versions v2014.04 through v2019.04
**Description**
The issue concerns the generation of random UUID values. In scenarios where CONFIG RANDOM UUID is enabled and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device, attackers can determine UUID values due to the lack of an srand call in the gen rand uuid function.
**Recommendations**
For Das U-Boot versions v2014.04 through v2019.04, consider implementing a proper random seed initialization to prevent predictable UUID values. As a temporary workaround, consider disabling the use of CONFIG RANDOM UUID until a proper fix is applied.