VYPR

U Boot

by U Boot

Source repositories

CVEs (45)

  • CVE-2025-36938Dec 11, 2025
    risk 0.00cvss epss 0.00

    In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-24857Dec 10, 2025
    risk 0.00cvss epss 0.00

    Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

  • CVE-2022-30767CriMay 16, 2022
    risk 0.00cvss 9.8epss 0.02

    nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

  • CVE-2021-27138HigFeb 17, 2021
    risk 0.00cvss 7.8epss 0.01

    The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.

  • CVE-2021-27097HigFeb 17, 2021
    risk 0.00cvss 7.8epss 0.01

    The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.

Page 3 of 3