Lucene search
K
DenxU-boot

46 matches found

CVE
CVE
added 2020/01/29 6:33 p.m.211 views

CVE-2020-8432

CVE-2020-8432 affects Das U-Boot up to 2020.01, with a double free in the cmd/gpt.c do_rename_gpt_parts() function. The double free can lead to a write-what-where condition and remote code execution. The issue was introduced during a memory-leak fix identified by static analysis. Publicly referen...

10CVSS9.4AI score0.03701EPSS
CVE
CVE
added 2019/07/31 12:30 p.m.194 views

CVE-2019-14196

CVE-2019-14196 affects Das U-Boot (through 2019.07) with an unbounded memcpy in nfs_lookup_reply caused by a failed length check, leading to a buffer overflow. Related records confirm an extended issue: CVE-2022-30767 (and its note about an incorrect fix for CVE-2019-14196) affects U-Boot through...

9.8CVSS8.4AI score0.02196EPSS
CVE
CVE
added 2019/08/06 7:5 p.m.183 views

CVE-2019-13106

CVE-2019-13106 affects Das U-Boot 2016.09–2019.07-rc4, where reading a crafted ext4 filesystem can cause a stack buffer overflow by memset() too much data. This supports a likely code execution impact. Affected component: U-Boot memory handling during ext4 filesystem parsing; root cause: overflow...

8.3CVSS7.8AI score0.01764EPSS
CVE
CVE
added 2020/03/19 1:36 p.m.183 views

CVE-2020-10648

CVE-2020-10648 affects Das U-Boot up to version 2020.01, where an attacker could bypass verified boot restrictions and boot arbitrary images by supplying a crafted FIT image to a system configured to boot the default configuration. Connected advisories indicate this CVE is addressed in SUSE secur...

7.8CVSS8.4AI score0.01313EPSS
CVE
CVE
added 2019/07/29 2:52 p.m.182 views

CVE-2019-13103

CVE-2019-13103 describes a vulnerability in Das U-Boot where a crafted self-referential DOS partition table can trigger infinite recursion, causing unbounded stack growth and potentially crashing or corrupting data. Affected: Das U-Boot versions up to 2019.07-rc4. The Connected documents confirm ...

7.1CVSS7.9AI score0.00404EPSS
CVE
CVE
added 2022/05/16 2:13 a.m.181 views

CVE-2022-30767

CVE-2022-30767 affects Das U-Boot (nfs_lookup_reply in net/nfs.c) up to 2022.04 and 2022.07-rc2, where an unbounded memcpy followed by a failed length check causes a buffer overflow. This issue is noted as a consequence of an incorrect fix for CVE-2019-14196. Public connected sources corroborate ...

9.8CVSS8.6AI score0.02612EPSS
CVE
CVE
added 2019/08/06 7:0 p.m.179 views

CVE-2019-13104

CVE-2019-13104 affects Das U-Boot 2016.11-rc1 through 2019.07-rc4. The vulnerability is an underflow in ext4 file system handling that can cause memcpy() to overwrite a very large amount of data, potentially including the entire stack, when reading a crafted ext4 filesystem. The initial descripti...

7.8CVSS7.3AI score0.01118EPSS
CVE
CVE
added 2019/07/31 12:13 p.m.170 views

CVE-2019-14201

CVE-2019-14201 affects Das U-Boot (up to version 2019.07). The issue is a stack-based buffer overflow in the nfs_lookup_reply handler used by NFS, caused by unsafe handling of reply data. This can lead to memory corruption and potential code execution under adversarial input. The CVE is tracked w...

9.8CVSS8.7AI score0.02488EPSS
CVE
CVE
added 2019/05/03 12:7 p.m.167 views

CVE-2019-11690

CVE-2019-11690 affects Das U-Boot: gen_rand_uuid in lib/uuid.c in v2014.04–v2019.04. The root cause is a missing srand call when CONFIG_RANDOM_UUID is enabled, which can let an attacker determine UUID values used for GPT boot-device UUIDs. The vulnerability is documented with CVSS2/3 base metrics...

5.9CVSS7.2AI score0.0119EPSS
CVE
CVE
added 2019/07/31 12:12 p.m.166 views

CVE-2019-14202

CVE-2019-14202 affects Das U-Boot up to 2019.07. The issue is a stack-based buffer overflow in the nfs_readlink_reply path of the nfs_handler, caused by an unbounded copy/memory handling during path length calculation. The CVSS scores in the entry indicate high to critical impact (CVSSv3 base 9.8...

9.8CVSS8.7AI score0.02488EPSS
CVE
CVE
added 2019/07/31 12:35 p.m.165 views

CVE-2019-14193

CVE-2019-14193 affects Das U-Boot up to version 2019.07 and describes an unbounded memcpy with an unvalidated length in nfs_readlink_reply after calculating the new path length. The Dell (NFS) path handling bug can lead to memory corruption under certain inputs in the NFS frontend. Connected advi...

9.8CVSS8.4AI score0.02403EPSS
CVE
CVE
added 2019/05/10 7:36 p.m.164 views

CVE-2019-11059

CVE-2019-11059 affects Das U-Boot 2016.11-rc1 through 2019.04, where the ext4 64-bit extension is mishandled, resulting in a buffer overflow. The provided documents identify the affected product (Das U-Boot) and the impact as a buffer overflow, but do not include concrete patch versions or remedi...

9.8CVSS8.6AI score0.019EPSS
CVE
CVE
added 2019/07/31 12:18 p.m.164 views

CVE-2019-14192

CVE-2019-14192 affects Das U-Boot up to version 2019.07, where parsing a UDP packet can trigger an unbounded memcpy due to a net_process_received_packet integer underflow during an nc_input_packet call. The issue is described as a vulnerability in U-Boot’s UDP packet handling that allows copying ...

9.8CVSS8.3AI score0.02666EPSS
CVE
CVE
added 2019/07/31 12:14 p.m.164 views

CVE-2019-14200

CVE-2019-14200 affects Das U-Boot (up to version 2019.07) with a stack-based buffer overflow in the nfs_handler reply helper function rpc_lookup_reply. The issue is disclosed in 2019-07 and is listed alongside related CVEs (e.g., 2019-14192..14204) in multiple advisories; CVSS v3 shows a base sco...

9.8CVSS8.7AI score0.02488EPSS
CVE
CVE
added 2019/07/31 12:22 p.m.159 views

CVE-2019-14194

CVE-2019-14194 (Das U-Boot) : Affected up to 2019.07, the issue is an unbounded memcpy with a failed length check in nfs_read_reply when calling store_block in the NFSv2 case. This can lead to memory corruption. The provided documents do not specify a vendor/product remediation or fixed version; ...

9.8CVSS8.4AI score0.0235EPSS
CVE
CVE
added 2019/07/31 12:28 p.m.157 views

CVE-2019-14197

Summary (CVE-2019-14197) : In Das U-Boot up to version 2019.07, there is a read of out-of-bounds data at the function nfs_read_reply. The connected sources confirm this specific vulnerability entry and identify the affected project as Das U-Boot, but do not provide any publicly available details ...

9.1CVSS8.3AI score0.02368EPSS
CVE
CVE
added 2019/07/31 12:31 p.m.156 views

CVE-2019-14199

Das U-Boot vulnerability CVE-2019-14199 affects the project up to version 2019.07. It arises from an unbounded memcpy during UDP packet parsing caused by a net_process_received_packet integer underflow in the udp_packet_handler call. The issue can lead to memory corruption and is tied to unchecke...

9.8CVSS8.3AI score0.0235EPSS
CVE
CVE
added 2019/07/31 12:9 p.m.156 views

CVE-2019-14204

CVE-2019-14204 concerns Das U-Boot up to version 2019.07, which contains a stack-based buffer overflow in the nfs_umountall_reply handler of the NFS-related code path (nfs_handler). The issue arises from improper bounds checking in that reply helper, enabling a stack overflow. According to the co...

9.8CVSS8.7AI score0.02488EPSS
CVE
CVE
added 2019/07/31 12:11 p.m.154 views

CVE-2019-14203

CVE-2019-14203 affects Das U-Boot up to 2019.07, featuring a stack-based buffer overflow in the nfs_mount_reply handler (nfs_handler reply). The issue enables potential memory corruption via NFS mount reply processing, with CVSS present in public records indicating high impact (C/P I/P A:P; AV:N/...

9.8CVSS8.7AI score0.02488EPSS
CVE
CVE
added 2019/07/31 12:23 p.m.149 views

CVE-2019-14195

CVE-2019-14195 affects Das U-Boot up to 2019.07. In the nfs_readlink_reply function, the code path in the else block after calculating the new path length uses an unbounded memcpy with unvalidated length. The issue is a potential memory corruption vulnerability stemming from an unbounded memcpy. ...

9.8CVSS8.4AI score0.0235EPSS
CVE
CVE
added 2019/07/31 12:27 p.m.148 views

CVE-2019-14198

CVE-2019-14198 affects Das U-Boot up to 2019.07. The issue is an unbounded memcpy with a failed length check in nfs_read_reply when store_block is called for NFSv3. This is triggered by crafted NFS responses and can impact affected U-Boot builds. The provided connected documents reiterate the sam...

9.8CVSS8.4AI score0.0235EPSS
CVE
CVE
added 2021/02/17 10:36 p.m.126 views

CVE-2021-27097

CVE-2021-27097 concerns the boot loader in Das U-Boot prior to 2021.04-rc2, which mishandles a modified FIT. Several third-party advisories (Debian DLA-4320-1, OpenVAS/Nessus reports) reference this CVE alongside CVE-2021-27138 and confirm that vulnerable U-Boot variants exist in multiple distrib...

7.8CVSS7.3AI score0.01037EPSS
CVE
CVE
added 2022/06/08 12:32 p.m.122 views

CVE-2022-30552

CVE-2022-30552 affects U-Boot 2022.01 and is described as a buffer overflow vulnerability. Connected documents confirm the issue is in u-boot with a Buffer Overflow (not identical to CVE-2022-30790) and are associated with Debian and Ubuntu advisories referencing CVE-2022-30552. The Debian LTS ad...

5.5CVSS6.2AI score0.00439EPSS
CVE
CVE
added 2022/09/23 12:50 p.m.117 views

CVE-2022-2347

CVE-2022-2347 affects U-Boot’s USB DFU download path: an unchecked wLength > 4096 can cause a heap overflow by writing beyond the heap-allocated request buffer. Affected component is U-Boot DFU handling; attack requires physical access via USB. Some advisories (Debian, EulerOS, Huawei EulerOS,...

7.7CVSS6.9AI score0.00586EPSS
CVE
CVE
added 2022/06/08 12:32 p.m.113 views

CVE-2022-30790

CVE-2022-30790 is a Buffer Overflow in Das U-Boot 2022.01 (different issue from CVE-2022-30552). Connected sources (Debian DLA-4150-1 and Nessus/NASL notes) explicitly list CVE-2022-30790 as a Buffer Overflow affecting u-boot, with Debian advising upgrade to 2021.01+dfsg-5+deb11u1 to fix multiple...

7.8CVSS6.3AI score0.00554EPSS
CVE
CVE
added 2022/06/29 11:48 p.m.110 views

CVE-2022-34835

CVE-2022-34835 affects U-Boot up to 2022.07-rc5, where an integer signedness error in the i2c md command can overflow a stack buffer and corrupt the return address pointer in do_i2c_md. This vulnerability could enable tampering with control flow; exploitation details are not provided in the conne...

9.8CVSS9.8AI score0.02023EPSS
CVE
CVE
added 2021/02/17 10:36 p.m.104 views

CVE-2021-27138

CVE-2021-27138 affects the boot loader in Das U-Boot prior to 2021.04-rc2, where the FIT handling of unit addresses is flawed. Publicly documented in multiple ecosystem advisories, the issue can enable security risks with impact on confidentiality, integrity, and availability (CVSS 3.1 base 7.8)....

7.8CVSS7.3AI score0.01095EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.99 views

CVE-2024-57258

CVE-2024-57258 affects Das U-Boot (pre-2025.01-rc1) with integer overflows in memory allocation. Exploitation can occur via a crafted squashfs filesystem (via sbrk or request2size) or due to mishandling ptrdiff_t on x86_64, leading to memory corruption. Connected advisories corroborate the issue ...

7.8CVSS7AI score0.00233EPSS
CVE
CVE
added 2022/07/01 11:36 a.m.90 views

CVE-2022-33103

CVE-2022-33103 affects U-Boot versions from v2020.10 to v2022.07-rc3, with an out-of-bounds write in the sqfs_readdir() function. Public results show CVSSv3.1 base score 7.8 (High impact: C/H, I/H, A/H) and CVSSv2 4.6 (Partial/Partial/Partial). Debian LTS explicitly fixes this in u-boot 2021.01+d...

7.8CVSS7.7AI score0.00453EPSS
CVE
CVE
added 2022/07/20 6:15 a.m.85 views

CVE-2022-33967

CVE-2022-33967 affects the squashfs filesystem implementation in U-Boot, from versions v2020.10-rc2 through v2022.07-rc5. The root cause is a defect in the metadata reading process, causing a heap-based buffer overflow. Consequences stated in sources include denial-of-service (DoS) or arbitrary c...

7.8CVSS8.9AI score0.00516EPSS
CVE
CVE
added 2018/07/24 3:0 p.m.84 views

CVE-2017-3225

CVE-2017-3225 concerns Das U-Boot, a device bootloader that reads configuration from an AES-CBC encrypted file. The vulnerability stems from U-Boot using a zero initialization vector (IV) in AES-CBC, which enables dictionary-like attacks on encrypted data to learn information about the ciphertext...

4.6CVSS4.4AI score0.00309EPSS
CVE
CVE
added 2019/08/06 7:2 p.m.84 views

CVE-2019-13105

CVE-2019-13105 affects U-Boot 2019.07-rc1 to 2019.07-rc4. The issue is a double-free of a cached block when listing files in a crafted ext4 filesystem, caused by ext_cache_read not clearing freed pointers for invalid/out-of-bounds block numbers in ext_cache_ini. Impact is memory corruption potent...

7.8CVSS7.4AI score0.01256EPSS
CVE
CVE
added 2019/03/21 4:36 p.m.80 views

CVE-2018-3968

The vulnerability CVE-2018-3968 affects Das U-Boot versions 2013.07-rc1 through 2014.07-rc2, where verified boot lacks proper FIT signature enforcement. This allows a local attacker who can supply a boot image to bypass verified boot and execute an unsigned kernel embedded in a legacy image forma...

8.2CVSS6.6AI score0.00276EPSS
CVE
CVE
added 2018/11/20 7:0 p.m.78 views

CVE-2018-18439

DENX U-Boot (through 2018.09-rc1) is affected by CVE-2018-18439 due to a remotely exploitable buffer overflow in TFTP handling and an additional local exploit path via a crafted kernel image. The vulnerability enables network-triggered overflow via a malicious TFTP server and also allows local ex...

10CVSS9.1AI score0.02041EPSS
CVE
CVE
added 2018/11/20 7:0 p.m.78 views

CVE-2018-18440

CVE-2018-18440 affects DENX U-Boot up to version 2018.09-rc1, which has a locally exploitable buffer overflow in the filesystem loading path when processing a crafted kernel image. The root issue is mishandling of filesystem loading in U-Boot, enabling a local attacker to exploit the overflow and...

7.8CVSS7.5AI score0.00574EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.78 views

CVE-2024-57256

CVE-2024-57256 pertains to an integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1. The overflow occurs when zalloc adds one to a 32-bit LE value in crafted ext4 filesystems with an inode size of 0xffffffff, causing a zero malloc and a subsequent memory overwrite. Connected re...

7.1CVSS7.2AI score0.00365EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.76 views

CVE-2024-57257

CVE-2024-57257 describes a stack consumption issue in sqfs_size in Das U-Boot prior to 2025.01-rc1 triggered by a crafted squashfs filesystem with deep symlink nesting. The vulnerability affects Das U-Boot’s handling of SquashFS structures and may lead to stack exhaustion. Connected sources confi...

2.4CVSS6.9AI score0.0031EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.74 views

CVE-2024-57254

CVE-2024-57254 describes an integer overflow in the sqfs_inode_size calculation within Das U-Boot up to the 2025.01-rc1 release, triggered by a crafted squashfs filesystem affecting the symlink size calculation. Products affected: Das U-Boot (DENX Software Engineering) prior to 2025.01-rc1. Impac...

7.1CVSS7.2AI score0.00359EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.74 views

CVE-2024-57259

CVE-2024-57259 affects Das U-Boot up to 2025.01-rc1. The issue is an off-by-one error in sqfs_search_dir that causes heap memory corruption during squashfs directory listings because the path separator is not counted in a size calculation. Impact is described as high (confidentiality, integrity, ...

7.1CVSS7.2AI score0.00361EPSS
CVE
CVE
added 2024/08/23 12:0 a.m.73 views

CVE-2024-42040

Affects: DENEX U-Boot (net/bootp.c). Vulnerability: Buffer Overflow in net/bootp.c, present since initial commit 2002 (3861aa5), on any platform. Described impact is that an attacker on the same local network can cause leakage of memory (4–32 bytes) behind DHCP-injected packets via crafted DHCP r...

8.1CVSS6.5AI score0.00598EPSS
CVE
CVE
added 2018/07/24 3:0 p.m.71 views

CVE-2017-3226

CVE-2017-3226 concerns Das U-Boot’s AES-CBC environment encryption (CONFIG_ENV_AES=y). A crafted two‑byte sequence in the encrypted environment data can trigger an error during environment variable parsing, which is improperly handled and leads to an immediate process termination with a debugging...

6.4CVSS6AI score0.00266EPSS
CVE
CVE
added 2018/06/26 4:0 p.m.70 views

CVE-2018-1000205

CVE-2018-1000205 concerns the U-Boot bootloader, where CWE-20 Improper Input Validation exists in the Verified boot signature validation, allowing bypass of verified boot. The issue is exploitable via a specially crafted FIT image and device memory functionality. Affected details in connected doc...

5.5CVSS5.3AI score0.00713EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.70 views

CVE-2024-57255

CVE-2024-57255 concerns Das U-Boot up to 2025.01-rc1, where an integer overflow in sqfs_resolve_symlink is triggered by a crafted squashfs with inode size 0xffffffff, causing a zero malloc and a memory overwrite. The linked sources confirm the affected component and root cause; remediation is a p...

7.1CVSS7.2AI score0.00359EPSS
CVE
CVE
added 2025/08/05 12:0 a.m.51 views

CVE-2025-45512

CVE-2025-45512 affects DENX Software Engineering Das U-Boot (bootloader) v1.1.3. The root cause is a lack of signature verification in the bootloader, enabling attackers to install crafted firmware and achieve arbitrary code execution. Impact is practical on devices using this U-Boot version, wit...

6.5CVSS7.3AI score0.00314EPSS
CVE
CVE
added 2025/12/10 12:0 a.m.32 views

CVE-2025-24857

The vulnerability CVE-2025-24857 affects Universal Boot Loader (U-Boot) versions prior to 2017.11 and certain Qualcomm boot ROM/SoC families (IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, IPQ9574). The root cause is improper access control for volatile memory containing boot code, which c...

7.6CVSS7.2AI score0.00248EPSS
CVE
CVE
added 2026/03/20 10:51 p.m.18 views

CVE-2026-33243

Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...

8.2CVSS5.8AI score0.00108EPSS