In Das U-Boot up to and including 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an malicious user to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
denx u-boot |
||
opensuse leap 15.2 |