Unity Linux 20.1070e Security Update: uboot-tools (UTSA-2025-680593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680593 advisory. There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not...

SUSE CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

DEBIAN-CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

DENX Software Engineering Das U-Boot 缓冲区错误漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot that originates from an unchecked download size and direction in the USB DFU, which can be exploited by an attacker to...

CVE-2022-29246 Potential buffer overflow in function DFU upload in Azure RTOS USBX

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features o...