Vulnerabilities > Denx > Medium

DATE CVE VULNERABILITY TITLE RISK

2021-02-17 CVE-2021-27138 Unspecified vulnerability in Denx U-Boot
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
network
denx
6.8

2021-02-17 CVE-2021-27097 Unspecified vulnerability in Denx U-Boot
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
network
denx
6.8

2020-03-19 CVE-2020-10648 Improper Input Validation vulnerability in multiple products
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
network
denx opensuse CWE-20
6.8

2019-08-06 CVE-2019-13105 Double Free vulnerability in Denx U-Boot 2019.07
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
network
denx CWE-415
6.8

2019-08-06 CVE-2019-13104 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
6.8

2019-07-31 CVE-2019-14197 Out-of-bounds Read vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-125
6.4

2019-05-03 CVE-2019-11690 Use of Insufficiently Random Values vulnerability in Denx U-Boot
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
network
denx CWE-330
4.3

2018-07-24 CVE-2017-3226 Cryptographic Issues vulnerability in Denx U-Boot
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.
local
denx CWE-310
4.4

2018-06-26 CVE-2018-1000205 Improper Input Validation vulnerability in Denx U-Boot
U-Boot contains a CWE-20: Improper Input Validation vulnerability in verified boot signature validation that can result in a bypass of verified boot.
network
denx CWE-20
4.3