U Boot
by U Boot
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36938 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2025-24857 | | | 0.00 | — | 0.00 | | Dec 10, 2025 | Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code. |
| CVE-2022-30767 | | Cri | 0.00 | 9.8 | 0.02 | | May 16, 2022 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. |
| CVE-2021-27138 | | Hig | 0.00 | 7.8 | 0.01 | | Feb 17, 2021 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. |
| CVE-2021-27097 | | Hig | 0.00 | 7.8 | 0.01 | | Feb 17, 2021 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. |