Every CVE whose affected-product data names Denx U-boot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2019-14198 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when…
CVE-2022-34835 — CVSS 9.8 (critical): In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables…
CVE-2022-30767 — CVSS 9.8 (critical): nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check…
CVE-2018-18439 — CVSS 9.8 (critical): DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled…
CVE-2020-8432 — CVSS 9.8 (critical): In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a…
CVE-2019-14204 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function…
CVE-2019-11059 — CVSS 9.8 (critical): Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
CVE-2019-14203 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function…
CVE-2019-14202 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function…
CVE-2019-14201 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function…
CVE-2019-14200 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function…
CVE-2019-14199 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a…
CVE-2019-14192 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a…
CVE-2019-14193 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in…
CVE-2019-14194 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when…
CVE-2019-14195 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the…
CVE-2019-14196 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14197 — CVSS 9.1 (critical): An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2026-33243 — CVSS 8.2 (high): barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an…
CVE-2024-42040 — CVSS 8.1 (high): Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform…
CVE-2019-13105 — CVSS 7.8 (high): Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13104 — CVSS 7.8 (high): In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including…
CVE-2019-13106 — CVSS 7.8 (high): Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a…
CVE-2020-10648 — CVSS 7.8 (high): Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a…
CVE-2018-18440 — CVSS 7.8 (high): DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is…
CVE-2022-33103 — CVSS 7.8 (high): Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
CVE-2022-33967 — CVSS 7.8 (high): squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability…
CVE-2022-2347 — CVSS 7.7 (high): There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup…
CVE-2025-24857 — CVSS 7.6 (high): Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips…
CVE-2024-57255 — CVSS 7.1 (high): An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of…
CVE-2019-13103 — CVSS 7.1 (high): A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the…
CVE-2024-57254 — CVSS 7.1 (high): An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs…
CVE-2024-57256 — CVSS 7.1 (high): An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a…
CVE-2024-57258 — CVSS 7.1 (high): Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size…
CVE-2024-57259 — CVSS 7.1 (high): sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory…
CVE-2018-3968 — CVSS 7.0 (high): An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected…
CVE-2025-45512 — CVSS 6.5 (medium): A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install…
CVE-2017-3226 — CVSS 6.4 (medium): Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC…
CVE-2019-11690 — CVSS 5.9 (medium): gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in…
CVE-2018-1000205 — CVSS 5.5 (medium): U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified…
CVE-2017-3225 — CVSS 4.6 (medium): Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment…
CVE-2024-57257 — CVSS 2.0 (low): A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.