Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
denx u-boot vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-33967
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition ...
Denx U-boot 2021.04
Denx U-boot 2022.07
Denx U-boot 2022.01
Denx U-boot 2020.10
Denx U-boot 2021.01
Denx U-boot 2022.04
3.6
CVSSv2
CVE-2019-13103
A crafted self-referential DOS partition table will cause all Das U-Boot versions up to and including 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
Denx U-boot 2019.04
Denx U-boot
Denx U-boot 2019.07
4.4
CVSSv2
CVE-2018-3968
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an malicious user to bypass U-Boot's verified boot and execute an unsigned...
Denx U-boot 2013.07
Denx U-boot
Denx U-boot 2014.07
6.8
CVSSv2
CVE-2021-27097
The boot loader in Das U-Boot prior to 2021.04-rc2 mishandles a modified FIT.
Denx U-boot
Denx U-boot 2021.04
7.5
CVSSv2
CVE-2022-34835
In Das U-Boot up to and including 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Denx U-boot 2022.07
Denx U-boot
7.5
CVSSv2
CVE-2019-11059
Das U-Boot 2016.11-rc1 up to and including 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
Denx U-boot 2016.11
Denx U-boot
10
CVSSv2
CVE-2018-18439
DENX U-Boot up to and including 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
Denx U-boot 2018.09
Denx U-boot
7.2
CVSSv2
CVE-2018-18440
DENX U-Boot up to and including 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
Denx U-boot
Denx U-boot 2018.09
6.8
CVSSv2
CVE-2021-27138
The boot loader in Das U-Boot prior to 2021.04-rc2 mishandles use of unit addresses in a FIT.
Denx U-boot
Denx U-boot 2021.04
4.6
CVSSv2
CVE-2022-33103
Das U-Boot from v2020.10 to v2022.07-rc3 exists to contain an out-of-bounds write via the function sqfs_readdir().
Denx U-boot 2022.07
Denx U-boot
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »