Candidate: CVE-2019-13106
PublicDate: 2019-08-06 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13106
 https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
 https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75
 https://gitlab.denx.de/u-boot/u-boot/commits/master
Description:
 Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data
 while reading a crafted ext4 filesystem, which results in a stack buffer
 overflow and likely code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_u-boot:
 upstream: https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba
upstream_u-boot: released (2020.01+dfsg-1)
precise/esm_u-boot: DNE
trusty_u-boot: ignored (out of standard support)
trusty/esm_u-boot: DNE
xenial_u-boot: not-affected (code not present)
esm-infra/xenial_u-boot: not-affected (code not present)
bionic_u-boot: released (2020.10+dfsg-1ubuntu0~18.04.2)
disco_u-boot: ignored (reached end-of-life)
eoan_u-boot: ignored (reached end-of-life)
focal_u-boot: released (2021.01+dfsg-3ubuntu0~20.04.3)
groovy_u-boot: not-affected (2020.04+dfsg-2ubuntu1)
hirsute_u-boot: not-affected (2020.04+dfsg-2ubuntu1)
impish_u-boot: not-affected (2020.04+dfsg-2ubuntu1)
jammy_u-boot: not-affected (2020.04+dfsg-2ubuntu1)
devel_u-boot: not-affected (2020.04+dfsg-2ubuntu1)