Search CVE reports


Toggle filters

1 – 10 of 16 results


CVE-2026-29009

Medium priority
Needs evaluation

(U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in ...)

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-29008

Medium priority
Needs evaluation

(U-Boot through 2026.04-rc3 contains an integer underflow vulnerability ...)

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-29007

Medium priority
Needs evaluation

(U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerabilit ...)

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-46728

Medium priority
Needs evaluation

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-45512

Medium priority
Vulnerable

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
u-boot-nezha Not in release Vulnerable Vulnerable
Show less packages

CVE-2024-57259

Medium priority

Some fixes available 2 of 11

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Not affected Fixed Fixed Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-57258

Medium priority

Some fixes available 2 of 11

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Not affected Fixed Fixed Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-57257

Medium priority

Some fixes available 2 of 11

A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Not affected Fixed Fixed Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-57256

Medium priority

Some fixes available 2 of 11

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and...

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Not affected Fixed Fixed Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-57255

Medium priority

Some fixes available 2 of 11

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

2 affected packages

u-boot, u-boot-nezha

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
u-boot Not affected Fixed Fixed Needs evaluation Needs evaluation
u-boot-nezha Not in release Needs evaluation Needs evaluation Not in release
Show less packages