Search CVE reports
1 – 10 of 38 results
CVE-2023-48426
Medium priorityu-boot bug that allows for u-boot shell and interrupt over UART
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Not affected | Not affected | Not affected | Not affected |
| u-boot-nezha | Not affected | Not affected | Not in release | — | — |
CVE-2022-2347
Medium prioritySome fixes available 9 of 14
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified...
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| u-boot-nezha | Vulnerable | Fixed | Not in release | Not in release | Ignored |
CVE-2022-33967
Medium prioritySome fixes available 3 of 5
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs...
1 affected packages
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2022-33103
Medium prioritySome fixes available 3 of 5
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
1 affected packages
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2022-34835
Medium prioritySome fixes available 3 of 5
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
1 affected packages
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2022-30790
Medium prioritySome fixes available 5 of 10
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| u-boot-nezha | Vulnerable | Fixed | Not in release | Not in release | Ignored |
CVE-2022-30552
Medium prioritySome fixes available 5 of 10
Das U-Boot 2022.01 has a Buffer Overflow.
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| u-boot-nezha | Vulnerable | Fixed | Not in release | Not in release | Ignored |
CVE-2022-30767
Medium prioritySome fixes available 3 of 5
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
1 affected packages
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2020-23026
Low priorityA NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).
45 affected packages
gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7, gcc-4.7-armel-cross...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gcc-3.3 | — | Ignored | Ignored | Ignored | Ignored |
| gcc-4.4 | — | Not in release | Not in release | Not in release | Not in release |
| gcc-4.6 | — | Not in release | Not in release | Not in release | Not in release |
| gcc-4.7 | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.7-armel-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.7-armhf-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8 | — | Not in release | Not in release | Ignored | Ignored |
| gcc-4.8-arm64-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8-armhf-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8-powerpc-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.8-ppc64el-cross | — | Not in release | Not in release | Not in release | Ignored |
| gcc-4.9 | — | Not in release | Not in release | Not in release | Ignored |
| gcc-5 | — | Not in release | Not in release | Ignored | Ignored |
| gcc-5-cross | — | Not in release | Not in release | Ignored | Ignored |
| gcc-6 | — | Not in release | Not in release | Ignored | Not in release |
| gcc-6-cross | — | Not in release | Not in release | Ignored | Not in release |
| gcc-6-cross-ports | — | Not in release | Not in release | Ignored | Not in release |
| gcc-7 | — | Not in release | Ignored | Ignored | Not in release |
| gcc-7-cross | — | Not in release | Not in release | Ignored | Not in release |
| gcc-7-cross-ports | — | Not in release | Not in release | Ignored | Not in release |
| gcc-8 | — | Not in release | Ignored | Ignored | Not in release |
| gcc-8-cross | — | Not in release | Ignored | Ignored | Not in release |
| gcc-8-cross-ports | — | Not in release | Ignored | Ignored | Not in release |
| gcc-9 | — | Ignored | Ignored | Not in release | Not in release |
| gcc-9-cross | — | Ignored | Ignored | Not in release | Not in release |
| gcc-9-cross-ports | — | Ignored | Ignored | Not in release | Not in release |
| gcc-arm-linux-androideabi | — | Not in release | Not in release | Not in release | Ignored |
| gcc-arm-none-eabi | — | Ignored | Ignored | Ignored | Ignored |
| gcc-avr | — | Ignored | Ignored | Ignored | Ignored |
| gcc-defaults | — | Ignored | Ignored | Ignored | Ignored |
| gcc-defaults-arm64-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armel-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armhf-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-powerpc-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-ppc64el-cross | — | Not in release | Not in release | Not in release | Not in release |
| gcc-h8300-hms | — | Ignored | Ignored | Ignored | Ignored |
| gcc-i686-linux-android | — | Not in release | Not in release | Not in release | Ignored |
| gcc-m68hc1x | — | Ignored | Ignored | Ignored | Ignored |
| gcc-mingw-w64 | — | Ignored | Ignored | Ignored | Ignored |
| gcc-msp430 | — | Ignored | Ignored | Ignored | Ignored |
| gcc-opt | — | Ignored | Ignored | Ignored | Ignored |
| gcc-snapshot | — | Ignored | Ignored | Ignored | Ignored |
| gccgo-4.9 | — | Not in release | Not in release | Not in release | Not in release |
| gccgo-6 | — | Not in release | Not in release | Not in release | Ignored |
| u-boot | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-27138
Low priorityThe boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
1 affected packages
u-boot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| u-boot | — | Not affected | Ignored | Ignored | Ignored |