Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
denx u-boot vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a...
Denx U-boot
7.8
CVSSv3
CVE-2022-33967
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition ...
Denx U-boot 2021.04
Denx U-boot 2022.07
Denx U-boot 2022.01
Denx U-boot 2020.10
Denx U-boot 2021.01
Denx U-boot 2022.04
7.8
CVSSv3
CVE-2022-33103
Das U-Boot from v2020.10 to v2022.07-rc3 exists to contain an out-of-bounds write via the function sqfs_readdir().
Denx U-boot 2022.07
Denx U-boot
9.8
CVSSv3
CVE-2022-34835
In Das U-Boot up to and including 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Denx U-boot 2022.07
Denx U-boot
5.5
CVSSv3
CVE-2022-30552
Das U-Boot 2022.01 has a Buffer Overflow.
Denx U-boot 2022.01
7.8
CVSSv3
CVE-2022-30790
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
Denx U-boot 2022.01
9.8
CVSSv3
CVE-2022-30767
nfs_lookup_reply in net/nfs.c in Das U-Boot up to and including 2022.04 (and up to and including 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
Denx U-boot
Denx U-boot 2022.07
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2021-27097
The boot loader in Das U-Boot prior to 2021.04-rc2 mishandles a modified FIT.
Denx U-boot
Denx U-boot 2021.04
7.8
CVSSv3
CVE-2021-27138
The boot loader in Das U-Boot prior to 2021.04-rc2 mishandles use of unit addresses in a FIT.
Denx U-boot
Denx U-boot 2021.04
7.8
CVSSv3
CVE-2020-10648
Das U-Boot up to and including 2020.01 allows malicious users to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Denx U-boot
Denx U-boot 2020.01
Opensuse Leap 15.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »