ALT-PU-2019-2356-1
Package u-boot-tools updated to version 2019.07-alt1 for branch p9 in task 235355.
Closed vulnerabilities
Published: 2019-05-10
Modified: 2024-11-21
CVE-2019-11059
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-05-03
Modified: 2024-11-21
CVE-2019-11690
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-07-29
Modified: 2024-11-21
CVE-2019-13103
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
Severity: HIGH (7.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
References:
- https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf
- https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75
- https://github.com/u-boot/u-boot/commits/master
- https://lists.denx.de/pipermail/u-boot/2019-July/375512.html