Latest denx u-boot Vulnerabilities

CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction cor...
DENX U-Boot>=2012.10<=2022.07
ubuntu/u-boot<2020.10+dfsg-1ubuntu0~18.04.3
ubuntu/u-boot<2021.01+dfsg-3ubuntu0~20.04.5
ubuntu/u-boot<2022.01+dfsg-2ubuntu2.3
ubuntu/u-boot<2022.07+dfsg-1ubuntu4.2
ubuntu/u-boot<2022.07+dfsg-1ubuntu7
and 4 more
CVE-2022-33967
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a s...
DENX U-Boot=2020.10-rc2
DENX U-Boot=2020.10-rc3
DENX U-Boot=2020.10-rc4
DENX U-Boot=2020.10-rc5
DENX U-Boot=2021.01
DENX U-Boot=2021.01-rc1
and 26 more
CVE-2022-33103
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
DENX U-Boot>=2020.10<2022.07
DENX U-Boot=2022.07-rc1
DENX U-Boot=2022.07-rc2
DENX U-Boot=2022.07-rc3
ubuntu/u-boot<2020.10+dfsg-1ubuntu0~18.04.3
ubuntu/u-boot<2021.01+dfsg-3ubuntu0~20.04.5
and 2 more
CVE-2022-34835
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md f...
DENX U-Boot<2022.07
DENX U-Boot=2022.07-rc1
DENX U-Boot=2022.07-rc2
DENX U-Boot=2022.07-rc3
DENX U-Boot=2022.07-rc4
DENX U-Boot=2022.07-rc5
and 4 more
CVE-2022-30790
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
DENX U-Boot=2022.01
ubuntu/u-boot<2020.10+dfsg-1ubuntu0~18.04.3
ubuntu/u-boot<2021.01+dfsg-3ubuntu0~20.04.5
ubuntu/u-boot<2022.01+dfsg-2ubuntu2.3
ubuntu/u-boot-nezha<2022.04+
ubuntu/u-boot-nezha<2022.10-1089-
and 1 more
CVE-2022-30552
Das U-Boot 2022.01 has a Buffer Overflow.
DENX U-Boot=2022.01
ubuntu/u-boot<2020.10+dfsg-1ubuntu0~18.04.3
ubuntu/u-boot<2021.01+dfsg-3ubuntu0~20.04.5
ubuntu/u-boot<2022.01+dfsg-2ubuntu2.3
ubuntu/u-boot-nezha<2022.04+
ubuntu/u-boot-nezha<2022.10-1089-
and 1 more
CVE-2022-30767
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because ...
DENX U-Boot<=2022.04
DENX U-Boot=2022.07-rc1
DENX U-Boot=2022.07-rc2
Fedoraproject Fedora=36
ubuntu/u-boot<2020.10+dfsg-1ubuntu0~18.04.3
ubuntu/u-boot<2021.01+dfsg-3ubuntu0~20.04.5
and 2 more
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
DENX U-Boot<=2021.01
DENX U-Boot=2021.04-rc1
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
DENX U-Boot<=2021.01
DENX U-Boot=2021.04-rc1
CVE-2020-10648
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default conf...
DENX U-Boot<2018.03
DENX U-Boot=2020.01
openSUSE Leap=15.2
CVE-2020-8432
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute ...
DENX U-Boot<=2020.01
openSUSE Leap=15.2
CVE-2019-13105
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
DENX U-Boot=2019.07-rc1
DENX U-Boot=2019.07-rc2
DENX U-Boot=2019.07-rc3
DENX U-Boot=2019.07-rc4
CVE-2019-13106
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
DENX U-Boot>=2016.09<=2019.04
DENX U-Boot=2019.07
DENX U-Boot=2019.07-rc1
DENX U-Boot=2019.07-rc2
DENX U-Boot=2019.07-rc3
DENX U-Boot=2019.07-rc4
and 2 more
CVE-2019-13104
DENX U-Boot>=2016.09<=2019.04
DENX U-Boot=2019.07
DENX U-Boot=2019.07-rc1
DENX U-Boot=2019.07-rc2
DENX U-Boot=2019.07-rc3
DENX U-Boot=2019.07-rc4
and 2 more
CVE-2019-14204
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
DENX U-Boot<=2019.07
CVE-2019-14196
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
DENX U-Boot<=2019.07
CVE-2019-14200
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
DENX U-Boot<=2019.07
CVE-2019-14198
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
DENX U-Boot<=2019.07
CVE-2019-14194
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
DENX U-Boot<=2019.07
CVE-2019-14192
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
DENX U-Boot<=2019.07
CVE-2019-14197
DENX U-Boot<=2019.07
CVE-2019-14199
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
DENX U-Boot<=2019.07
CVE-2019-14195
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
DENX U-Boot<=2019.07
CVE-2019-14201
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
DENX U-Boot<=2019.07
CVE-2019-14203
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
DENX U-Boot<=2019.07
CVE-2019-14202
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
DENX U-Boot<=2019.07
CVE-2019-14193
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
DENX U-Boot<=2019.07
CVE-2019-13103
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwri...
DENX U-Boot<2019.04
DENX U-Boot=2019.04
DENX U-Boot=2019.04-rc1
DENX U-Boot=2019.04-rc2
DENX U-Boot=2019.04-rc3
DENX U-Boot=2019.04-rc4
and 4 more
CVE-2019-11059
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
DENX U-Boot>=2016.11<=2019.04
DENX U-Boot=2016.11-rc1
DENX U-Boot=2016.11-rc2
DENX U-Boot=2016.11-rc3
CVE-2019-11690
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boo...
DENX U-Boot>=2014.04<=2019.04
CVE-2018-3968
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows...
DENX U-Boot>=2013.07<=2014.07
DENX U-Boot=2013.07-rc1
DENX U-Boot=2013.07-rc2
DENX U-Boot=2013.07-rc3
DENX U-Boot=2014.07-rc1
DENX U-Boot=2014.07-rc2
CVE-2018-18439
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image...
DENX U-Boot<2018.09
DENX U-Boot=2018.09-rc1
CVE-2018-18440
DENX U-Boot<=2018.07
DENX U-Boot=2018.09-rc1
CVE-2017-3225
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may a...
DENX U-Boot<2017.09
CVE-2017-3226
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setti...
DENX U-Boot<2017.09
CVE-2018-1000205
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially craf...
DENX U-Boot<=2018.07

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203