46 matches found
CVE-2020-8432
CVE-2020-8432 affects Das U-Boot up to 2020.01, with a double free in the cmd/gpt.c do_rename_gpt_parts() function. The double free can lead to a write-what-where condition and remote code execution. The issue was introduced during a memory-leak fix identified by static analysis. Publicly referen...
CVE-2019-14196
CVE-2019-14196 affects Das U-Boot (through 2019.07) with an unbounded memcpy in nfs_lookup_reply caused by a failed length check, leading to a buffer overflow. Related records confirm an extended issue: CVE-2022-30767 (and its note about an incorrect fix for CVE-2019-14196) affects U-Boot through...
CVE-2019-13106
CVE-2019-13106 affects Das U-Boot 2016.09–2019.07-rc4, where reading a crafted ext4 filesystem can cause a stack buffer overflow by memset() too much data. This supports a likely code execution impact. Affected component: U-Boot memory handling during ext4 filesystem parsing; root cause: overflow...
CVE-2020-10648
CVE-2020-10648 affects Das U-Boot up to version 2020.01, where an attacker could bypass verified boot restrictions and boot arbitrary images by supplying a crafted FIT image to a system configured to boot the default configuration. Connected advisories indicate this CVE is addressed in SUSE secur...
CVE-2019-13103
CVE-2019-13103 describes a vulnerability in Das U-Boot where a crafted self-referential DOS partition table can trigger infinite recursion, causing unbounded stack growth and potentially crashing or corrupting data. Affected: Das U-Boot versions up to 2019.07-rc4. The Connected documents confirm ...
CVE-2022-30767
CVE-2022-30767 affects Das U-Boot (nfs_lookup_reply in net/nfs.c) up to 2022.04 and 2022.07-rc2, where an unbounded memcpy followed by a failed length check causes a buffer overflow. This issue is noted as a consequence of an incorrect fix for CVE-2019-14196. Public connected sources corroborate ...
CVE-2019-13104
CVE-2019-13104 affects Das U-Boot 2016.11-rc1 through 2019.07-rc4. The vulnerability is an underflow in ext4 file system handling that can cause memcpy() to overwrite a very large amount of data, potentially including the entire stack, when reading a crafted ext4 filesystem. The initial descripti...
CVE-2019-14201
CVE-2019-14201 affects Das U-Boot (up to version 2019.07). The issue is a stack-based buffer overflow in the nfs_lookup_reply handler used by NFS, caused by unsafe handling of reply data. This can lead to memory corruption and potential code execution under adversarial input. The CVE is tracked w...
CVE-2019-11690
CVE-2019-11690 affects Das U-Boot: gen_rand_uuid in lib/uuid.c in v2014.04–v2019.04. The root cause is a missing srand call when CONFIG_RANDOM_UUID is enabled, which can let an attacker determine UUID values used for GPT boot-device UUIDs. The vulnerability is documented with CVSS2/3 base metrics...
CVE-2019-14202
CVE-2019-14202 affects Das U-Boot up to 2019.07. The issue is a stack-based buffer overflow in the nfs_readlink_reply path of the nfs_handler, caused by an unbounded copy/memory handling during path length calculation. The CVSS scores in the entry indicate high to critical impact (CVSSv3 base 9.8...
CVE-2019-14193
CVE-2019-14193 affects Das U-Boot up to version 2019.07 and describes an unbounded memcpy with an unvalidated length in nfs_readlink_reply after calculating the new path length. The Dell (NFS) path handling bug can lead to memory corruption under certain inputs in the NFS frontend. Connected advi...
CVE-2019-11059
CVE-2019-11059 affects Das U-Boot 2016.11-rc1 through 2019.04, where the ext4 64-bit extension is mishandled, resulting in a buffer overflow. The provided documents identify the affected product (Das U-Boot) and the impact as a buffer overflow, but do not include concrete patch versions or remedi...
CVE-2019-14192
CVE-2019-14192 affects Das U-Boot up to version 2019.07, where parsing a UDP packet can trigger an unbounded memcpy due to a net_process_received_packet integer underflow during an nc_input_packet call. The issue is described as a vulnerability in U-Boot’s UDP packet handling that allows copying ...
CVE-2019-14200
CVE-2019-14200 affects Das U-Boot (up to version 2019.07) with a stack-based buffer overflow in the nfs_handler reply helper function rpc_lookup_reply. The issue is disclosed in 2019-07 and is listed alongside related CVEs (e.g., 2019-14192..14204) in multiple advisories; CVSS v3 shows a base sco...
CVE-2019-14194
CVE-2019-14194 (Das U-Boot) : Affected up to 2019.07, the issue is an unbounded memcpy with a failed length check in nfs_read_reply when calling store_block in the NFSv2 case. This can lead to memory corruption. The provided documents do not specify a vendor/product remediation or fixed version; ...
CVE-2019-14197
Summary (CVE-2019-14197) : In Das U-Boot up to version 2019.07, there is a read of out-of-bounds data at the function nfs_read_reply. The connected sources confirm this specific vulnerability entry and identify the affected project as Das U-Boot, but do not provide any publicly available details ...
CVE-2019-14199
Das U-Boot vulnerability CVE-2019-14199 affects the project up to version 2019.07. It arises from an unbounded memcpy during UDP packet parsing caused by a net_process_received_packet integer underflow in the udp_packet_handler call. The issue can lead to memory corruption and is tied to unchecke...
CVE-2019-14204
CVE-2019-14204 concerns Das U-Boot up to version 2019.07, which contains a stack-based buffer overflow in the nfs_umountall_reply handler of the NFS-related code path (nfs_handler). The issue arises from improper bounds checking in that reply helper, enabling a stack overflow. According to the co...
CVE-2019-14203
CVE-2019-14203 affects Das U-Boot up to 2019.07, featuring a stack-based buffer overflow in the nfs_mount_reply handler (nfs_handler reply). The issue enables potential memory corruption via NFS mount reply processing, with CVSS present in public records indicating high impact (C/P I/P A:P; AV:N/...
CVE-2019-14195
CVE-2019-14195 affects Das U-Boot up to 2019.07. In the nfs_readlink_reply function, the code path in the else block after calculating the new path length uses an unbounded memcpy with unvalidated length. The issue is a potential memory corruption vulnerability stemming from an unbounded memcpy. ...
CVE-2019-14198
CVE-2019-14198 affects Das U-Boot up to 2019.07. The issue is an unbounded memcpy with a failed length check in nfs_read_reply when store_block is called for NFSv3. This is triggered by crafted NFS responses and can impact affected U-Boot builds. The provided connected documents reiterate the sam...
CVE-2021-27097
CVE-2021-27097 concerns the boot loader in Das U-Boot prior to 2021.04-rc2, which mishandles a modified FIT. Several third-party advisories (Debian DLA-4320-1, OpenVAS/Nessus reports) reference this CVE alongside CVE-2021-27138 and confirm that vulnerable U-Boot variants exist in multiple distrib...
CVE-2022-30552
CVE-2022-30552 affects U-Boot 2022.01 and is described as a buffer overflow vulnerability. Connected documents confirm the issue is in u-boot with a Buffer Overflow (not identical to CVE-2022-30790) and are associated with Debian and Ubuntu advisories referencing CVE-2022-30552. The Debian LTS ad...
CVE-2022-2347
CVE-2022-2347 affects U-Boot’s USB DFU download path: an unchecked wLength > 4096 can cause a heap overflow by writing beyond the heap-allocated request buffer. Affected component is U-Boot DFU handling; attack requires physical access via USB. Some advisories (Debian, EulerOS, Huawei EulerOS,...
CVE-2022-30790
CVE-2022-30790 is a Buffer Overflow in Das U-Boot 2022.01 (different issue from CVE-2022-30552). Connected sources (Debian DLA-4150-1 and Nessus/NASL notes) explicitly list CVE-2022-30790 as a Buffer Overflow affecting u-boot, with Debian advising upgrade to 2021.01+dfsg-5+deb11u1 to fix multiple...
CVE-2022-34835
CVE-2022-34835 affects U-Boot up to 2022.07-rc5, where an integer signedness error in the i2c md command can overflow a stack buffer and corrupt the return address pointer in do_i2c_md. This vulnerability could enable tampering with control flow; exploitation details are not provided in the conne...
CVE-2021-27138
CVE-2021-27138 affects the boot loader in Das U-Boot prior to 2021.04-rc2, where the FIT handling of unit addresses is flawed. Publicly documented in multiple ecosystem advisories, the issue can enable security risks with impact on confidentiality, integrity, and availability (CVSS 3.1 base 7.8)....
CVE-2024-57258
CVE-2024-57258 affects Das U-Boot (pre-2025.01-rc1) with integer overflows in memory allocation. Exploitation can occur via a crafted squashfs filesystem (via sbrk or request2size) or due to mishandling ptrdiff_t on x86_64, leading to memory corruption. Connected advisories corroborate the issue ...
CVE-2022-33103
CVE-2022-33103 affects U-Boot versions from v2020.10 to v2022.07-rc3, with an out-of-bounds write in the sqfs_readdir() function. Public results show CVSSv3.1 base score 7.8 (High impact: C/H, I/H, A/H) and CVSSv2 4.6 (Partial/Partial/Partial). Debian LTS explicitly fixes this in u-boot 2021.01+d...
CVE-2022-33967
CVE-2022-33967 affects the squashfs filesystem implementation in U-Boot, from versions v2020.10-rc2 through v2022.07-rc5. The root cause is a defect in the metadata reading process, causing a heap-based buffer overflow. Consequences stated in sources include denial-of-service (DoS) or arbitrary c...
CVE-2017-3225
CVE-2017-3225 concerns Das U-Boot, a device bootloader that reads configuration from an AES-CBC encrypted file. The vulnerability stems from U-Boot using a zero initialization vector (IV) in AES-CBC, which enables dictionary-like attacks on encrypted data to learn information about the ciphertext...
CVE-2019-13105
CVE-2019-13105 affects U-Boot 2019.07-rc1 to 2019.07-rc4. The issue is a double-free of a cached block when listing files in a crafted ext4 filesystem, caused by ext_cache_read not clearing freed pointers for invalid/out-of-bounds block numbers in ext_cache_ini. Impact is memory corruption potent...
CVE-2018-3968
The vulnerability CVE-2018-3968 affects Das U-Boot versions 2013.07-rc1 through 2014.07-rc2, where verified boot lacks proper FIT signature enforcement. This allows a local attacker who can supply a boot image to bypass verified boot and execute an unsigned kernel embedded in a legacy image forma...
CVE-2018-18439
DENX U-Boot (through 2018.09-rc1) is affected by CVE-2018-18439 due to a remotely exploitable buffer overflow in TFTP handling and an additional local exploit path via a crafted kernel image. The vulnerability enables network-triggered overflow via a malicious TFTP server and also allows local ex...
CVE-2018-18440
CVE-2018-18440 affects DENX U-Boot up to version 2018.09-rc1, which has a locally exploitable buffer overflow in the filesystem loading path when processing a crafted kernel image. The root issue is mishandling of filesystem loading in U-Boot, enabling a local attacker to exploit the overflow and...
CVE-2024-57256
CVE-2024-57256 pertains to an integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1. The overflow occurs when zalloc adds one to a 32-bit LE value in crafted ext4 filesystems with an inode size of 0xffffffff, causing a zero malloc and a subsequent memory overwrite. Connected re...
CVE-2024-57257
CVE-2024-57257 describes a stack consumption issue in sqfs_size in Das U-Boot prior to 2025.01-rc1 triggered by a crafted squashfs filesystem with deep symlink nesting. The vulnerability affects Das U-Boot’s handling of SquashFS structures and may lead to stack exhaustion. Connected sources confi...
CVE-2024-57254
CVE-2024-57254 describes an integer overflow in the sqfs_inode_size calculation within Das U-Boot up to the 2025.01-rc1 release, triggered by a crafted squashfs filesystem affecting the symlink size calculation. Products affected: Das U-Boot (DENX Software Engineering) prior to 2025.01-rc1. Impac...
CVE-2024-57259
CVE-2024-57259 affects Das U-Boot up to 2025.01-rc1. The issue is an off-by-one error in sqfs_search_dir that causes heap memory corruption during squashfs directory listings because the path separator is not counted in a size calculation. Impact is described as high (confidentiality, integrity, ...
CVE-2024-42040
Affects: DENEX U-Boot (net/bootp.c). Vulnerability: Buffer Overflow in net/bootp.c, present since initial commit 2002 (3861aa5), on any platform. Described impact is that an attacker on the same local network can cause leakage of memory (4–32 bytes) behind DHCP-injected packets via crafted DHCP r...
CVE-2017-3226
CVE-2017-3226 concerns Das U-Boot’s AES-CBC environment encryption (CONFIG_ENV_AES=y). A crafted two‑byte sequence in the encrypted environment data can trigger an error during environment variable parsing, which is improperly handled and leads to an immediate process termination with a debugging...
CVE-2018-1000205
CVE-2018-1000205 concerns the U-Boot bootloader, where CWE-20 Improper Input Validation exists in the Verified boot signature validation, allowing bypass of verified boot. The issue is exploitable via a specially crafted FIT image and device memory functionality. Affected details in connected doc...
CVE-2024-57255
CVE-2024-57255 concerns Das U-Boot up to 2025.01-rc1, where an integer overflow in sqfs_resolve_symlink is triggered by a crafted squashfs with inode size 0xffffffff, causing a zero malloc and a memory overwrite. The linked sources confirm the affected component and root cause; remediation is a p...
CVE-2025-45512
CVE-2025-45512 affects DENX Software Engineering Das U-Boot (bootloader) v1.1.3. The root cause is a lack of signature verification in the bootloader, enabling attackers to install crafted firmware and achieve arbitrary code execution. Impact is practical on devices using this U-Boot version, wit...
CVE-2025-24857
The vulnerability CVE-2025-24857 affects Universal Boot Loader (U-Boot) versions prior to 2017.11 and certain Qualcomm boot ROM/SoC families (IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, IPQ9574). The root cause is improper access control for volatile memory containing boot code, which c...
CVE-2026-33243
Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...