CVE-2020-8432
29.01.2020, 19:15
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| denx | u-boot | 𝑥 ≤ 2020.01 |
| opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| u-boot-rpi3 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| u-boot-rpiarm64 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| u-boot-rpiarm64-doc |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| u-boot-tools |
|
Common Weakness Enumeration
References