Search CVE reports
1 – 10 of 50 results
(U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in ...)
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | — | — |
(U-Boot through 2026.04-rc3 contains an integer underflow vulnerability ...)
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | — | — |
(U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerabilit ...)
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | — | — |
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | — | — |
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| u-boot-nezha | Not in release | Vulnerable | Vulnerable | — | — |
Some fixes available 2 of 11
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | Not in release | — |
Some fixes available 2 of 11
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | Not in release | — |
Some fixes available 2 of 11
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | Not in release | — |
Some fixes available 2 of 11
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and...
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | Not in release | — |
Some fixes available 2 of 11
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
2 affected packages
u-boot, u-boot-nezha
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| u-boot-nezha | Not in release | Needs evaluation | Needs evaluation | Not in release | — |