869 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-29007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers ...
DEBIAN-CVE-2026-29008
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
CVE-2026-29009
U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...
DEBIAN-CVE-2026-29007
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
CVE-2026-29007
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
UBUNTU-CVE-2026-29009
U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...
UBUNTU-CVE-2026-29008
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
UBUNTU-CVE-2026-29007
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
CVE-2026-29009 U-Boot 2026.04-rc3 Buffer Overflow in nfs_readlink_reply() via NFS READLINK
U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...
CVE-2026-29009 U-Boot 2026.04-rc3 Buffer Overflow in nfs_readlink_reply() via NFS READLINK
U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...
CVE-2026-29008
U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...
CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
CVE-2026-29007
CVE-2026-29007 affects U-Boot (versions up to 2026.04-rc3) with CONFIG_PROT_TCP enabled. The issue is an out-of-bounds read in tcp_rx_state_machine() (net/tcp.c) triggered by a crafted IP packet whose total length and TCP data offset fields are mismatched, e.g., IP length 40 bytes and TCP header ...
CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
EUVD-2026-42328
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
Debian dla-4642 : u-boot - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4642 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4642-1 [email protected]...
[SECURITY] [DLA 4642-1] u-boot security update
Debian LTS Advisory DLA-4642-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson June 23, 2026 https://wiki.debian.org/LTS Package : u-boot Version : 2021.01+dfsg-5+deb11u3 2023.01+dfsg-2+deb12u3 CVE ID : CVE-2024-42040 CVE-2026-46728 Debian Bug : 1081557 1136954...