CVE-2020-8432

Priority
Description
In Das U-Boot through 2020.01, a double free has been found in the
cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a
write-what-where condition, allowing an attacker to execute arbitrary code.
NOTE: this vulnerability was introduced when attempting to fix a memory leak
identified by static analysis.
Notes
mdeslaur: per thread, introduced by:
https://gitlab.denx.de/u-boot/u-boot/commit/18030d04
Package
Upstream: released (2020.01+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.10 (Eoan Ermine): needed
Ubuntu 20.04 (Focal Fossa): needed
Patches:
Upstream: https://gitlab.denx.de/u-boot/u-boot/commit/5749faa3d6837d6dbaf2119fc3ec49a326690c8f

Updated: 2020-03-18 21:44:51 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)