CVE Tools

denx

DevTools & CIoss-project

32

Cumulative CVEs

7

Monthly snapshots

#39

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting denx.

CVE-2026-46728Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.8.2May 16, 2026
CVE-2026-33243barebox: FIT Signature Verification Bypass Vulnerability8.2Mar 20, 2026
CVE-2025-24857Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ957...7.6Dec 10, 2025
CVE-2025-45512A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.6.5Aug 5, 2025
CVE-2024-57259sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a s...7.1Feb 18, 2025
CVE-2024-57258Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.7.1Feb 18, 2025
CVE-2024-57257A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.2.0Feb 18, 2025
CVE-2024-57256An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, result...7.1Feb 18, 2025
CVE-2024-57255An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant m...7.1Feb 18, 2025
CVE-2024-57254An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.7.1Feb 18, 2025
CVE-2022-2347Unchecked Download size in Uboot7.7Sep 23, 2022
CVE-2022-33967squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading ...7.8Jul 20, 2022
CVE-2022-33103Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().7.8Jul 1, 2022
CVE-2022-34835In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_m...9.8Jun 29, 2022
CVE-2022-30552Das U-Boot 2022.01 has a Buffer Overflow.5.5Jun 8, 2022