VYPR
Vendor: Pengutronix

Products: 2
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)

  • CVE-2026-34963 | High | May 11, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap…

  • CVE-2026-34962 | Medium | May 11, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4…

  • CVE-2026-34155 | Medium | Mar 31, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a…

  • CVE-2020-25860 | Dec 21, 2020
    risk 0.00 | cvss | epss 0.01

    The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just…