
CVE-2018-18440

Published: 20 November 2018

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

Priority

Negligible

CVSS 3 Severity Score

7.8


Status

Package: u-boot (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (2019.07+dfsg-1ubuntu4~18.04.1)
focal      Not vulnerable (2019.07+dfsg-1ubuntu6)
disco      Ignored (end of life)
eoan       Ignored (end of life)
xenial     Needed
jammy      Not vulnerable (2020.04+dfsg-2ubuntu1)
cosmic     Ignored (end of life)
groovy     Not vulnerable (2020.04+dfsg-2ubuntu1)
hirsute    Not vulnerable (2020.04+dfsg-2ubuntu1)
impish     Not vulnerable (2020.04+dfsg-2ubuntu1)
kinetic    Not vulnerable (2020.04+dfsg-2ubuntu1)
lunar      Not vulnerable (2020.04+dfsg-2ubuntu1)
trusty     Does not exist (trusty was needed)
upstream   Released (2019.04)
mantic     Not vulnerable (2020.04+dfsg-2ubuntu1)

Patches:
upstream: https://github.com/u-boot/u-boot/commit/5b978dab7b8b534e9bf50b97a875dbc9c15cfb54
upstream: https://github.com/u-boot/u-boot/commit/aa3c609e2be5a837e7b81e308d47f55b67666bd6
upstream: https://github.com/u-boot/u-boot/commit/d67f33cf4ee72fd9bc64d68cb51a77798b65cf3a
upstream: https://github.com/u-boot/u-boot/commit/0f7c51a676ca73f7950a7e4f9d8454e57324270c
upstream: https://github.com/u-boot/u-boot/commit/4cc8af8037ebabd674d0a6bed202b0c711dc7699

Severity score breakdown

Parameter               Value
Base score              7.8
Attack vector           Local
Attack complexity       Low
Privileges required     Low
User interaction        None
Scope                   Unchanged
Confidentiality         High
Integrity impact        High
Availability impact     High
Vector                  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H