Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
denx u-boot vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-30790
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
Denx U-boot 2022.01
7.8
CVSSv3
CVE-2021-27097
The boot loader in Das U-Boot prior to 2021.04-rc2 mishandles a modified FIT.
Denx U-boot
Denx U-boot 2021.04
7.8
CVSSv3
CVE-2021-27138
The boot loader in Das U-Boot prior to 2021.04-rc2 mishandles use of unit addresses in a FIT.
Denx U-boot
Denx U-boot 2021.04
7.8
CVSSv3
CVE-2020-10648
Das U-Boot up to and including 2020.01 allows malicious users to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Denx U-boot
Denx U-boot 2020.01
Opensuse Leap 15.2
7.8
CVSSv3
CVE-2019-13105
Das U-Boot versions 2019.07-rc1 up to and including 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
Denx U-boot 2019.07
7.8
CVSSv3
CVE-2019-13106
Das U-Boot versions 2016.09 up to and including 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
Denx U-boot 2019.07
Denx U-boot
Opensuse Leap 15.0
Opensuse Leap 15.1
7.8
CVSSv3
CVE-2019-13104
In Das U-Boot versions 2016.11-rc1 up to and including 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
Denx U-boot 2019.07
Denx U-boot
Opensuse Leap 15.0
Opensuse Leap 15.1
7.8
CVSSv3
CVE-2018-18440
DENX U-Boot up to and including 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
Denx U-boot
Denx U-boot 2018.09
7.1
CVSSv3
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a...
Denx U-boot
7.1
CVSSv3
CVE-2019-13103
A crafted self-referential DOS partition table will cause all Das U-Boot versions up to and including 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
Denx U-boot 2019.04
Denx U-boot
Denx U-boot 2019.07
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »