Denx: >> U-Boot >> 2017.09 Security Vulnerabilities
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-05-03
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-11-20
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-11-20
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-06-26
Page 4