rpm package
suse/u-boot-rpi3&distro=SUSE Linux Enterprise Server 12 SP4-LTSS
pkg:rpm/suse/u-boot-rpi3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13103 | Hig | 7.1 | < 2018.03-4.3.1 | 2018.03-4.3.1 | Jul 29, 2019 | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | |
| CVE-2019-11059 | — | < 2018.03-4.3.1 | 2018.03-4.3.1 | May 10, 2019 | Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. | ||
| CVE-2019-11690 | — | < 2018.03-4.3.1 | 2018.03-4.3.1 | May 3, 2019 | gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. |
- affected < 2018.03-4.3.1fixed 2018.03-4.3.1
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
- CVE-2019-11059May 10, 2019affected < 2018.03-4.3.1fixed 2018.03-4.3.1
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
- CVE-2019-11690May 3, 2019affected < 2018.03-4.3.1fixed 2018.03-4.3.1
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
Page 2 of 2