Filtered by vendor Denx
Subscribe
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33967 | 1 Denx | 1 U-boot | 2024-02-04 | N/A | 7.8 HIGH |
| squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution. | |||||
| CVE-2022-30767 | 2 Denx, Fedoraproject | 2 U-boot, Fedora | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | |||||
| CVE-2022-34835 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. | |||||
| CVE-2022-33103 | 1 Denx | 1 U-boot | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). | |||||
| CVE-2022-30552 | 1 Denx | 1 U-boot | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Das U-Boot 2022.01 has a Buffer Overflow. | |||||
| CVE-2022-30790 | 1 Denx | 1 U-boot | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | |||||
| CVE-2021-27138 | 1 Denx | 1 U-boot | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. | |||||
| CVE-2021-27097 | 1 Denx | 1 U-boot | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. | |||||
| CVE-2020-10648 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | |||||
| CVE-2020-8432 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. | |||||
| CVE-2019-14192 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. | |||||
| CVE-2019-14201 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | |||||
| CVE-2019-13105 | 1 Denx | 1 U-boot | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | |||||
| CVE-2019-14200 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | |||||
| CVE-2019-14203 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | |||||
| CVE-2019-11059 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. | |||||
| CVE-2019-13103 | 1 Denx | 1 U-boot | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
| A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | |||||
| CVE-2019-14195 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. | |||||
| CVE-2019-13106 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-02-04 | 8.3 HIGH | 7.8 HIGH |
| Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||||
| CVE-2019-14193 | 1 Denx | 1 U-boot | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | |||||