Vendor
U Boot
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46728 | Hig | 0.46 | 8.2 | 0.00 | May 16, 2026 | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. | ||
| CVE-2025-36938 | 0.00 | — | 0.00 | Dec 11, 2025 | In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-24857 | 0.00 | — | 0.00 | Dec 10, 2025 | Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code. |
- risk 0.46cvss 8.2epss 0.00
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
- CVE-2025-36938Dec 11, 2025risk 0.00cvss —epss 0.00
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-24857Dec 10, 2025risk 0.00cvss —epss 0.00
Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.