Denx: >> U-Boot >> 2018.09 Security Vulnerabilities
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-05-10
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-05-03
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-11-20
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-11-20
Page 4