Search CVE reports
1 – 10 of 39 results
CVE-2024-42040
Medium priorityBuffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory...
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| u-boot-nezha | Vulnerable | Vulnerable | Not in release | — | — |
CVE-2023-48426
Medium priorityu-boot bug that allows for u-boot shell and interrupt over UART
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Not affected | Not affected | Not affected | Not affected |
| u-boot-nezha | Not affected | Not affected | Not in release | — | — |
CVE-2022-2347
Medium prioritySome fixes available 10 of 16
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified...
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| u-boot-nezha | Vulnerable | Fixed | Not in release | Not in release | Ignored |
CVE-2022-33967
Medium prioritySome fixes available 3 of 5
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs...
1 affected package
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2022-33103
Medium prioritySome fixes available 3 of 5
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
1 affected package
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2022-34835
Medium prioritySome fixes available 3 of 5
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
1 affected package
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2022-30790
Medium prioritySome fixes available 5 of 11
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| u-boot-nezha | Vulnerable | Fixed | Not in release | Not in release | Ignored |
CVE-2022-30552
Medium prioritySome fixes available 5 of 11
Das U-Boot 2022.01 has a Buffer Overflow.
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| u-boot-nezha | Vulnerable | Fixed | Not in release | Not in release | Ignored |
CVE-2022-30767
Medium prioritySome fixes available 3 of 5
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
1 affected package
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2020-23026
Low priorityA NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).
45 affected packages
gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7, gcc-4.7-armel-cross...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gcc-3.3 | — | Ignored | Ignored | Ignored | Ignored |
| gcc-4.4 | — | Not in release | Not in release | Not in release | Not in release |
| gcc-4.6 | — | Not in release | Not in release | Not in release | Not in release |
| gcc-4.7 | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.7-armel-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.7-armhf-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8 | — | Not in release | Not in release | Ignored | Ignored |
| gcc-4.8-arm64-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8-armhf-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8-powerpc-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8-ppc64el-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.9 | — | Not in release | Not in release | Not in release | Ignored |
| gcc-5 | — | Not in release | Not in release | Ignored | Ignored |
| gcc-5-cross | — | Not in release | Not in release | Ignored | Ignored |
| gcc-6 | — | Not in release | Not in release | Ignored | Not in release |
| gcc-6-cross | — | Not in release | Not in release | Ignored | Not in release |
| gcc-6-cross-ports | — | Not in release | Not in release | Ignored | Not in release |
| gcc-7 | — | Not in release | Ignored | Ignored | Not in release |
| gcc-7-cross | — | Not in release | Not in release | Ignored | Not in release |
| gcc-7-cross-ports | — | Not in release | Not in release | Ignored | Not in release |
| gcc-8 | — | Not in release | Ignored | Ignored | Not in release |
| gcc-8-cross | — | Not in release | Ignored | Ignored | Not in release |
| gcc-8-cross-ports | — | Not in release | Ignored | Ignored | Not in release |
| gcc-9 | — | Ignored | Ignored | Not in release | Not in release |
| gcc-9-cross | — | Ignored | Ignored | Not in release | Not in release |
| gcc-9-cross-ports | — | Ignored | Ignored | Not in release | Not in release |
| gcc-arm-linux-androideabi | — | Not in release | Not in release | Not in release | Ignored |
| gcc-arm-none-eabi | — | Ignored | Ignored | Ignored | Ignored |
| gcc-avr | — | Ignored | Ignored | Ignored | Ignored |
| gcc-defaults | — | Ignored | Ignored | Ignored | Ignored |
| gcc-defaults-arm64-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armel-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armhf-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-powerpc-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-ppc64el-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-h8300-hms | — | Ignored | Ignored | Ignored | Ignored |
| gcc-i686-linux-android | — | Not in release | Not in release | Not in release | Ignored |
| gcc-m68hc1x | — | Ignored | Ignored | Ignored | Ignored |
| gcc-mingw-w64 | — | Ignored | Ignored | Ignored | Ignored |
| gcc-msp430 | — | Ignored | Ignored | Ignored | Ignored |
| gcc-opt | — | Ignored | Ignored | Ignored | Ignored |
| gcc-snapshot | — | Ignored | Ignored | Ignored | Ignored |
| gccgo-4.9 | — | Not in release | Not in release | Not in release | Not in release |
| gccgo-6 | — | Not in release | Not in release | Not in release | Ignored |
| u-boot | — | Not affected | Not affected | Not affected | Not affected |