Vulnerabilities for 'U-boot'

2019-05-10
 
CVE-2019-11059

CWE-119
 

 
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

 
2019-05-03
 
CVE-2019-11690

CWE-330
 

 
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.

 
2019-03-21
 
CVE-2018-3968

CWE-347
 

 
An exploitable vulnerability exists in the verified boot protection of Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.

 
2018-06-26
 
CVE-2018-1000205

CWE-20
 

 
U-Boot contains a CWE-20: Improper Input Validation vulnerability in verified boot signature validation that can result in a bypass of verified boot. This attack appears to be exploitable via a specially crafted FIT image and special device memory functionality.

 

Vendor: DENX (2 products)
U-boot
Das u-boot firmware


Copyright 2019, cxsecurity.com

 
