Denx: >> U-Boot >> 2019.10 Security Vulnerabilities
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-17
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
CVSS Score
9.8
EPSS Score
0.02
Published
2020-01-29
Page 2