CVE-2020-8432
Published: 29 January 2020
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
Notes
Author | Note |
---|---|
mdeslaur | per thread, introduced by: https://gitlab.denx.de/u-boot/u-boot/commit/18030d04 |
Priority
Status
Package | Release | Status |
---|---|---|
u-boot Launchpad, Ubuntu, Debian |
bionic |
Released
(2020.10+dfsg-1ubuntu0~18.04.2)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(2021.01+dfsg-3ubuntu0~20.04.3)
|
|
groovy |
Not vulnerable
(2020.04+dfsg-2ubuntu1)
|
|
hirsute |
Not vulnerable
(2020.04+dfsg-2ubuntu1)
|
|
impish |
Not vulnerable
(2020.04+dfsg-2ubuntu1)
|
|
jammy |
Not vulnerable
(2020.04+dfsg-2ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2020.01+dfsg-1)
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://gitlab.denx.de/u-boot/u-boot/commit/5749faa3d6837d6dbaf2119fc3ec49a326690c8f |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://lists.denx.de/pipermail/u-boot/2020-January/396799.html
- https://lists.denx.de/pipermail/u-boot/2020-January/396853.html
- https://www.mail-archive.com/u-boot@lists.denx.de/msg354060.html
- https://www.mail-archive.com/u-boot@lists.denx.de/msg354114.html
- https://www.cve.org/CVERecord?id=CVE-2020-8432
- NVD
- Launchpad
- Debian