Lucene search
Gentoo FoundationGLSA-202405-23HistoryMay 08, 2024 - 12:00 a.m.
U-Boot tools: double free vulnerability
2024-05-0800:00:00
Gentoo Foundation
security.gentoo.org
4
u-boot
vulnerability
double free
cmd/gpt.c
do_rename_gpt_parts()
upgrade
Background
U-Boot tools provides utiiities for working with Das U-Boot.
Description
A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.
Impact
In Das U-Boot a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All U-Boot tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-embedded/u-boot-tools-2020.04"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-embedded/u-boot-tools | < 2020.04 | UNKNOWN |
Related
redhatcve
redhatcve
CVE-2020-8432
2022-05-20 23:17:38
nessus
nessus
GLSA-202405-23 : U-Boot tools: double free vulnerability
2024-05-08 00:00:00
EulerOS 2.0 SP9 : uboot-tools (EulerOS-SA-2021-2701)
2021-11-11 00:00:00
EulerOS 2.0 SP9 : uboot-tools (EulerOS-SA-2021-2726)
2021-11-11 00:00:00
osv
osv
CVE-2020-8432
2020-01-29 19:15:14
cvelist
cvelist
CVE-2020-8432
2020-01-29 18:33:31
cve
cve
CVE-2020-8432
2020-01-29 19:15:00
debiancve
debiancve
CVE-2020-8432
2020-01-29 19:15:00
prion
prion
Double free
2020-01-29 19:15:00
ubuntucve
ubuntucve
CVE-2020-8432
2020-01-29 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for uboot-tools (EulerOS-SA-2021-2726)
2021-11-12 00:00:00
Huawei EulerOS: Security Advisory for uboot-tools (EulerOS-SA-2021-2701)
2021-11-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3161-1)
2021-06-09 00:00:00
suse
suse
Security update for u-boot (important)
2020-11-07 00:00:00
Security update for u-boot (important)
2020-11-15 00:00:00