From 8cac177a77e2df34007f0ab0155fce340d6a5755 Mon Sep 17 00:00:00 2001
From: Madison Quinn Oliver <>
Date: Tue, 24 Jul 2018 09:06:11 -0400
Subject: [PATCH] Updated description for 2017-3226

---
 2017/3xxx/CVE-2017-3226.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/2017/3xxx/CVE-2017-3226.json b/2017/3xxx/CVE-2017-3226.json
index f9dc0a116bf..15b5bb2aee0 100644
--- a/2017/3xxx/CVE-2017-3226.json
+++ b/2017/3xxx/CVE-2017-3226.json
@@ -37,7 +37,7 @@
       "description_data": [
          {
             "lang": "eng",
-            "value": "Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot improperly handles an error condition and may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data."
+            "value": "Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message."
          }
       ]
    },