Note:
This project will be discontinued after December 13, 2021. [more]
Product:
U\-Boot
(Denx)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-29 | CVE-2020-8432 | In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. | U\-Boot, Leap | 9.8 | ||
| 2021-02-17 | CVE-2021-27097 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. | U\-Boot | 7.8 | ||
| 2021-02-17 | CVE-2021-27138 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. | U\-Boot | 7.8 | ||
| 2022-05-16 | CVE-2022-30767 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | U\-Boot, Fedora | 9.8 | ||
| 2022-06-08 | CVE-2022-30552 | Das U-Boot 2022.01 has a Buffer Overflow. | U\-Boot | 5.5 | ||
| 2022-06-08 | CVE-2022-30790 | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | U\-Boot | 7.8 |